ID

VAR-201901-1607


CVE

CVE-2019-0011


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001614

DESCRIPTION

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 17.2X75 versions prior to 17.2X75-D110; 18.1 versions prior to 18.1R2. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a denial-of-service vulnerability. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Networks Junos OS

Trust: 1.98

sources: NVD: CVE-2019-0011 // JVNDB: JVNDB-2019-001614 // BID: 106534 // VULHUB: VHN-140042

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.2x75

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.3

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 18.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d102scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d100scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.3r3-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d110scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s7scope:neversion: -

Trust: 0.3

sources: BID: 106534 // JVNDB: JVNDB-2019-001614 // NVD: CVE-2019-0011

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0011
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2019-0011
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0011
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-371
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140042
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0011
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140042
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2019-0011
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0011
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-140042 // JVNDB: JVNDB-2019-001614 // CNNVD: CNNVD-201901-371 // NVD: CVE-2019-0011 // NVD: CVE-2019-0011

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-140042 // JVNDB: JVNDB-2019-001614 // NVD: CVE-2019-0011

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201901-371

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201901-371

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001614

PATCH

title:JSA10911url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10911&actp=METADATA

Trust: 0.8

title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88528

Trust: 0.6

sources: JVNDB: JVNDB-2019-001614 // CNNVD: CNNVD-201901-371

EXTERNAL IDS

db:NVDid:CVE-2019-0011

Trust: 2.8

db:JUNIPERid:JSA10911

Trust: 2.0

db:BIDid:106534

Trust: 2.0

db:JVNDBid:JVNDB-2019-001614

Trust: 0.8

db:CNNVDid:CNNVD-201901-371

Trust: 0.7

db:VULHUBid:VHN-140042

Trust: 0.1

sources: VULHUB: VHN-140042 // BID: 106534 // JVNDB: JVNDB-2019-001614 // CNNVD: CNNVD-201901-371 // NVD: CVE-2019-0011

REFERENCES

url:http://www.securityfocus.com/bid/106534

Trust: 2.3

url:https://kb.juniper.net/jsa10911

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0011

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-0011

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10911&cat=sirt_1&actp=list

Trust: 0.3

sources: VULHUB: VHN-140042 // BID: 106534 // JVNDB: JVNDB-2019-001614 // CNNVD: CNNVD-201901-371 // NVD: CVE-2019-0011

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106534

SOURCES

db:VULHUBid:VHN-140042
db:BIDid:106534
db:JVNDBid:JVNDB-2019-001614
db:CNNVDid:CNNVD-201901-371
db:NVDid:CVE-2019-0011

LAST UPDATE DATE

2024-08-14T15:02:25.428000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-140042date:2020-07-22T00:00:00
db:BIDid:106534date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001614date:2019-03-18T00:00:00
db:CNNVDid:CNNVD-201901-371date:2022-01-25T00:00:00
db:NVDid:CVE-2019-0011date:2022-04-29T14:24:58.240

SOURCES RELEASE DATE

db:VULHUBid:VHN-140042date:2019-01-15T00:00:00
db:BIDid:106534date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001614date:2019-03-18T00:00:00
db:CNNVDid:CNNVD-201901-371date:2019-01-11T00:00:00
db:NVDid:CVE-2019-0011date:2019-01-15T21:29:01.230