Vulnerability Monitor

CVE-2019-0008


A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack-based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, and EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases of Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2.


Published: 2019-04-10T20:29:00.380

Last Modified: 2024-11-21T04:16:02.183

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses
  • Type: Secondary
    CWE-121
  • Type: Primary
    CWE-787

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | juniper | junos | < 15.1x53-d235 | Yes |
| Operating System | juniper | junos | < 17.1r3 | Yes |
| Operating System | juniper | junos | < 17.2r3 | Yes |
| Operating System | juniper | junos | < 17.3r3-s2 | Yes |
| Operating System | juniper | junos | < 17.4r2-s1 | Yes |
| Operating System | juniper | junos | < 18.1r3-s1 | Yes |
| Operating System | juniper | junos | < 18.2r2 | Yes |
| Operating System | juniper | junos | < 18.2x75-d30 | Yes |
| Operating System | juniper | junos | < 18.3r2 | Yes |
| Operating System | juniper | junos | 14.1x53 | Yes |
| Operating System | juniper | junos | 17.3 | Yes |
| Operating System | juniper | junos | 17.4 | Yes |
| Operating System | juniper | junos | 18.1 | Yes |
| Hardware | juniper | ex4300 | - | No |
| Hardware | juniper | ex4300m | - | No |
| Hardware | juniper | ex4600 | - | No |
| Hardware | juniper | ex4650 | - | No |
| Hardware | juniper | qfx5100 | - | No |
| Hardware | juniper | qfx5110 | - | No |
| Hardware | juniper | qfx5120 | - | No |
| Hardware | juniper | qfx5200-32c | - | No |
| Hardware | juniper | qfx5200-48y | - | No |
| Hardware | juniper | qfx5210-64c | - | No |

References