Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-0041

On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices.

Published

2019-04-10T20:29:00.943

Last Modified

2024-11-21T04:16:06.750

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	18.2	Yes
Operating System	juniper	junos	18.2	Yes
Hardware	juniper	ex4300-mp	-	No

References

https://kb.juniper.net/JSA10933 Mitigation, Vendor Advisory ([email protected])
https://kb.juniper.net/JSA10933 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)