Sign-up

ID

VAR-201901-1604


CVE

CVE-2019-0007


TITLE

Juniper Networks Junos OS Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2019-001711

DESCRIPTION

The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series. Juniper Networks Junos OS Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a security weaknesss. An attacker can exploit this weakness to predict IP ID sequence numbers and bypass certain security restrictions. Junos OS is a set of operating systems running on it. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 2.07

sources: NVD: CVE-2019-0007 // JVNDB: JVNDB-2019-001711 // BID: 106564 // VULHUB: VHN-140038 // VULMON: CVE-2019-0007

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.3

vendor:junipermodel:junos osscope:eqversion:15.1f5

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos 15.1f4-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s19scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s18scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s16scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s14scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1a2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f5scope:neversion: -

Trust: 0.3

sources: BID: 106564 // JVNDB: JVNDB-2019-001711 // NVD: CVE-2019-0007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0007
value: CRITICAL

Trust: 1.0

sirt@juniper.net: CVE-2019-0007
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-0007
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201901-368
value: CRITICAL

Trust: 0.6

VULHUB: VHN-140038
value: HIGH

Trust: 0.1

VULMON: CVE-2019-0007
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-0007
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-140038
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0007
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2019-0007
baseSeverity: CRITICAL
baseScore: 9.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-140038 // VULMON: CVE-2019-0007 // JVNDB: JVNDB-2019-001711 // CNNVD: CNNVD-201901-368 // NVD: CVE-2019-0007 // NVD: CVE-2019-0007

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.1

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-140038 // JVNDB: JVNDB-2019-001711 // NVD: CVE-2019-0007

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-368

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-368

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001711

PATCH
title:JSA10903url:https://kb.juniper.net/JSA10903
Trust: 0.8
title:Juniper vMX series Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88531
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001711 // 
            
            
            
            CNNVD: CNNVD-201901-368

EXTERNAL IDS
db:NVDid:CVE-2019-0007
Trust: 2.9
db:JUNIPERid:JSA10903
Trust: 2.1
db:BIDid:106564
Trust: 2.1
db:JVNDBid:JVNDB-2019-001711
Trust: 0.8
db:CNNVDid:CNNVD-201901-368
Trust: 0.7
db:VULHUBid:VHN-140038
Trust: 0.1
db:VULMONid:CVE-2019-0007
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140038 // 
            
            
            
            VULMON: CVE-2019-0007 // 
            
            
            
            BID: 106564 // 
            
            
            
            JVNDB: JVNDB-2019-001711 // 
            
            
            
            CNNVD: CNNVD-201901-368 // 
            
            
            
            NVD: CVE-2019-0007

REFERENCES
url:http://www.securityfocus.com/bid/106564
Trust: 2.4
url:https://kb.juniper.net/jsa10903
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0007
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0007
Trust: 0.8
url:https://www.juniper.net/us/en/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10903&cat=sirt_1&actp=list
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/330.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140038 // 
            
            
            
            VULMON: CVE-2019-0007 // 
            
            
            
            BID: 106564 // 
            
            
            
            JVNDB: JVNDB-2019-001711 // 
            
            
            
            CNNVD: CNNVD-201901-368 // 
            
            
            
            NVD: CVE-2019-0007

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 106564

SOURCES
db:VULHUBid:VHN-140038
db:VULMONid:CVE-2019-0007
db:BIDid:106564
db:JVNDBid:JVNDB-2019-001711
db:CNNVDid:CNNVD-201901-368
db:NVDid:CVE-2019-0007

LAST UPDATE DATE
2024-11-23T23:11:55.885000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140038date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-0007date:2020-08-24T00:00:00
db:BIDid:106564date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001711date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201901-368date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0007date:2024-11-21T04:16:02.037

SOURCES RELEASE DATE
db:VULHUBid:VHN-140038date:2019-01-15T00:00:00
db:VULMONid:CVE-2019-0007date:2019-01-15T00:00:00
db:BIDid:106564date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001711date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201901-368date:2019-01-11T00:00:00
db:NVDid:CVE-2019-0007date:2019-01-15T21:29:01.087