Sign-up

ID

VAR-201901-1607


CVE

CVE-2019-0011


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001614

DESCRIPTION

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 17.2X75 versions prior to 17.2X75-D110; 18.1 versions prior to 18.1R2. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a denial-of-service vulnerability. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Networks Junos OS

Trust: 1.98

sources: NVD: CVE-2019-0011 // JVNDB: JVNDB-2019-001614 // BID: 106534 // VULHUB: VHN-140042

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.2x75

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.3

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 18.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d102scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d100scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.3r3-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d110scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s7scope:neversion: -

Trust: 0.3

sources: BID: 106534 // JVNDB: JVNDB-2019-001614 // NVD: CVE-2019-0011

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0011
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2019-0011
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0011
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-371
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140042
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0011
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140042
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2019-0011
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0011
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-140042 // JVNDB: JVNDB-2019-001614 // CNNVD: CNNVD-201901-371 // NVD: CVE-2019-0011 // NVD: CVE-2019-0011

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-140042 // JVNDB: JVNDB-2019-001614 // NVD: CVE-2019-0011

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201901-371

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201901-371

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001614

PATCH
title:JSA10911url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10911&actp=METADATA
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88528
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001614 // 
            
            
            
            CNNVD: CNNVD-201901-371

EXTERNAL IDS
db:NVDid:CVE-2019-0011
Trust: 2.8
db:JUNIPERid:JSA10911
Trust: 2.0
db:BIDid:106534
Trust: 2.0
db:JVNDBid:JVNDB-2019-001614
Trust: 0.8
db:CNNVDid:CNNVD-201901-371
Trust: 0.7
db:VULHUBid:VHN-140042
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140042 // 
            
            
            
            BID: 106534 // 
            
            
            
            JVNDB: JVNDB-2019-001614 // 
            
            
            
            CNNVD: CNNVD-201901-371 // 
            
            
            
            NVD: CVE-2019-0011

REFERENCES
url:http://www.securityfocus.com/bid/106534
Trust: 2.3
url:https://kb.juniper.net/jsa10911
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0011
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0011
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10911&cat=sirt_1&actp=list
Trust: 0.3
sources:
            
            
            VULHUB: VHN-140042 // 
            
            
            
            BID: 106534 // 
            
            
            
            JVNDB: JVNDB-2019-001614 // 
            
            
            
            CNNVD: CNNVD-201901-371 // 
            
            
            
            NVD: CVE-2019-0011

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 106534

SOURCES
db:VULHUBid:VHN-140042
db:BIDid:106534
db:JVNDBid:JVNDB-2019-001614
db:CNNVDid:CNNVD-201901-371
db:NVDid:CVE-2019-0011

LAST UPDATE DATE
2024-11-23T22:26:04.293000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140042date:2020-07-22T00:00:00
db:BIDid:106534date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001614date:2019-03-18T00:00:00
db:CNNVDid:CNNVD-201901-371date:2022-01-25T00:00:00
db:NVDid:CVE-2019-0011date:2024-11-21T04:16:02.630

SOURCES RELEASE DATE
db:VULHUBid:VHN-140042date:2019-01-15T00:00:00
db:BIDid:106534date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001614date:2019-03-18T00:00:00
db:CNNVDid:CNNVD-201901-371date:2019-01-11T00:00:00
db:NVDid:CVE-2019-0011date:2019-01-15T21:29:01.230