ID

VAR-201901-1600


CVE

CVE-2019-0001


TITLE

Juniper Networks Junos OS Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-001363

DESCRIPTION

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. Juniper Networks Junos OS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the 'bbe-smgd' service due to excessive CPU memory consumption. Juniper MX Series is an MX series router product of Juniper Networks. Junos OS is a set of operating systems used in it. A security vulnerability exists in the Broadband Edge Subscriber Management Daemon (bbe-smgd) in Junos OS on Juniper MX Series

Trust: 1.98

sources: NVD: CVE-2019-0001 // JVNDB: JVNDB-2019-001363 // BID: 106541 // VULHUB: VHN-140032

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 18.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3rscope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2rscope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r1-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r1-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r6-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r6-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r5-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r5-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.2r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.3r3-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s10scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7-s1scope:neversion: -

Trust: 0.3

sources: BID: 106541 // JVNDB: JVNDB-2019-001363 // NVD: CVE-2019-0001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0001
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0001
value: HIGH

Trust: 1.0

NVD: CVE-2019-0001
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-363
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140032
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-0001
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140032
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0001
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0001
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-0001
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140032 // JVNDB: JVNDB-2019-001363 // CNNVD: CNNVD-201901-363 // NVD: CVE-2019-0001 // NVD: CVE-2019-0001

PROBLEMTYPE DATA

problemtype:CWE-674

Trust: 1.1

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-140032 // JVNDB: JVNDB-2019-001363 // NVD: CVE-2019-0001

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-363

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201901-363

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001363

PATCH

title:JSA10900url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10900&actp=METADATA

Trust: 0.8

title:Juniper MX Series Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88536

Trust: 0.6

sources: JVNDB: JVNDB-2019-001363 // CNNVD: CNNVD-201901-363

EXTERNAL IDS

db:NVDid:CVE-2019-0001

Trust: 2.8

db:JUNIPERid:JSA10900

Trust: 2.0

db:BIDid:106541

Trust: 2.0

db:JVNDBid:JVNDB-2019-001363

Trust: 0.8

db:CNNVDid:CNNVD-201901-363

Trust: 0.7

db:VULHUBid:VHN-140032

Trust: 0.1

sources: VULHUB: VHN-140032 // BID: 106541 // JVNDB: JVNDB-2019-001363 // CNNVD: CNNVD-201901-363 // NVD: CVE-2019-0001

REFERENCES

url:http://www.securityfocus.com/bid/106541

Trust: 2.3

url:https://kb.juniper.net/jsa10900

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rmkfshpmozl7mdwu5ryotibtrwsz4z6x/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w7cpkbw4qz4viy4uxiuvushrj4r2froe/

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0001

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-0001

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rmkfshpmozl7mdwu5ryotibtrwsz4z6x/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/w7cpkbw4qz4viy4uxiuvushrj4r2froe/

Trust: 0.7

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10900

Trust: 0.3

sources: VULHUB: VHN-140032 // BID: 106541 // JVNDB: JVNDB-2019-001363 // CNNVD: CNNVD-201901-363 // NVD: CVE-2019-0001

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106541

SOURCES

db:VULHUBid:VHN-140032
db:BIDid:106541
db:JVNDBid:JVNDB-2019-001363
db:CNNVDid:CNNVD-201901-363
db:NVDid:CVE-2019-0001

LAST UPDATE DATE

2024-08-14T14:45:28.957000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-140032date:2020-09-29T00:00:00
db:BIDid:106541date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001363date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201901-363date:2020-09-30T00:00:00
db:NVDid:CVE-2019-0001date:2023-11-07T03:01:39.547

SOURCES RELEASE DATE

db:VULHUBid:VHN-140032date:2019-01-15T00:00:00
db:BIDid:106541date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001363date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201901-363date:2019-01-11T00:00:00
db:NVDid:CVE-2019-0001date:2019-01-15T21:29:00.760