Details of VAR-201901-1605

ID

VAR-201901-1605

CVE

CVE-2019-0009

TITLE

Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001712

DESCRIPTION

On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC members. This issue does not affect other Junos platforms. Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R2-S2, 18.1R3; 18.2 versions prior to 18.2R2. Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Juniper EX2300 and EX3400 series are switch products of Juniper Networks (Juniper Networks). Junos OS is a set of operating systems running on it. A security vulnerability exists in Junos OS Release 15.1X53, Release 18.1, and Release 18.2 on the Juniper EX2300 and EX3400 series

Trust: 1.98

sources: NVD: CVE-2019-0009 // JVNDB: JVNDB-2019-001712 // BID: 106548 // VULHUB: VHN-140040

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	18.1	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x53	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	lt	version:	15.1x53	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1x53-d590	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	18.2r2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	18.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	18.1r3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	18.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	18.1r2-s2	Trust: 0.8
vendor:	juniper	model:	junos 18.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 18.1r2-s1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 18.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 18.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d495	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d471	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d470	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d235	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d234	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d233	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d232	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d231	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d230	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	ex3400 ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	ex2300 ethernet switch	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	junos 18.2r2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 18.1r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 18.1r2-s2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d590	scope:	ne	version:	-	Trust: 0.3

sources: BID: 106548 // JVNDB: JVNDB-2019-001712 // NVD: CVE-2019-0009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0009
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2019-0009
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0009
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201901-369
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140040
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-0009
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140040
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sirt@juniper.net:	CVE-2019-0009
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-0009
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-140040 // JVNDB: JVNDB-2019-001712 // CNNVD: CNNVD-201901-369 // NVD: CVE-2019-0009 // NVD: CVE-2019-0009

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-140040 // JVNDB: JVNDB-2019-001712 // NVD: CVE-2019-0009

THREAT TYPE

local

Trust: 0.9

sources: BID: 106548 // CNNVD: CNNVD-201901-369

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201901-369

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001712

PATCH

title:	JSA10909	url:	https://kb.juniper.net/JSA10909	Trust: 0.8
title:	Juniper EX2300 and EX3400 series Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88530	Trust: 0.6

sources: JVNDB: JVNDB-2019-001712 // CNNVD: CNNVD-201901-369

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0009	Trust: 2.8
db:	BID	id:	106548	Trust: 2.0
db:	JUNIPER	id:	JSA10909	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001712	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-369	Trust: 0.7
db:	VULHUB	id:	VHN-140040	Trust: 0.1

sources: VULHUB: VHN-140040 // BID: 106548 // JVNDB: JVNDB-2019-001712 // CNNVD: CNNVD-201901-369 // NVD: CVE-2019-0009

REFERENCES

url:	http://www.securityfocus.com/bid/106548	Trust: 2.3
url:	https://kb.juniper.net/jsa10909	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0009	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0009	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/us/en/products-services/nos/junos/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10909	Trust: 0.3

sources: VULHUB: VHN-140040 // BID: 106548 // JVNDB: JVNDB-2019-001712 // CNNVD: CNNVD-201901-369 // NVD: CVE-2019-0009

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106548

SOURCES

db:	VULHUB	id:	VHN-140040
db:	BID	id:	106548
db:	JVNDB	id:	JVNDB-2019-001712
db:	CNNVD	id:	CNNVD-201901-369
db:	NVD	id:	CVE-2019-0009

LAST UPDATE DATE

2024-08-14T13:26:59.762000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140040	date:	2020-07-22T00:00:00
db:	BID	id:	106548	date:	2019-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-001712	date:	2019-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201901-369	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-0009	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140040	date:	2019-01-15T00:00:00
db:	BID	id:	106548	date:	2019-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-001712	date:	2019-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201901-369	date:	2019-01-11T00:00:00
db:	NVD	id:	CVE-2019-0009	date:	2019-01-15T21:29:01.137