Sign-up

ID

VAR-201901-1610


CVE

CVE-2019-0014


TITLE

Juniper Networks Junos OS Data processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001691

DESCRIPTION

On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R1-S3, 18.2R2; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100. Juniper Networks Junos OS Contains a data processing vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a remote denial-of-service vulnerability. Juniper QFX and PTX Series are different series of switch products of Juniper Networks (Juniper Networks). Junos OS is a set of operating systems running on it. A security vulnerability exists in Junos OS on Juniper QFX and PTX Series

Trust: 1.98

sources: NVD: CVE-2019-0014 // JVNDB: JVNDB-2019-001691 // BID: 106556 // VULHUB: VHN-140045

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2x75

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 18.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 0.3

vendor:junipermodel:junos 17.4r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d70scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d102scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.2r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.2r1-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.1r3-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r2-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d91scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2x75-d100scope:neversion: -

Trust: 0.3

sources: BID: 106556 // JVNDB: JVNDB-2019-001691 // NVD: CVE-2019-0014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0014
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0014
value: HIGH

Trust: 1.0

NVD: CVE-2019-0014
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-374
value: HIGH

Trust: 0.6

VULHUB: VHN-140045
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0014
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140045
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0014
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-140045 // JVNDB: JVNDB-2019-001691 // CNNVD: CNNVD-201901-374 // NVD: CVE-2019-0014 // NVD: CVE-2019-0014

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.9

sources: VULHUB: VHN-140045 // JVNDB: JVNDB-2019-001691 // NVD: CVE-2019-0014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-374

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-374

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001691

PATCH
title:JSA10914url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10914&actp=METADATA
Trust: 0.8
title:Juniper QFX  and PTX Series Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88525
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001691 // 
            
            
            
            CNNVD: CNNVD-201901-374

EXTERNAL IDS
db:NVDid:CVE-2019-0014
Trust: 2.8
db:BIDid:106556
Trust: 2.0
db:JUNIPERid:JSA10914
Trust: 2.0
db:JVNDBid:JVNDB-2019-001691
Trust: 0.8
db:CNNVDid:CNNVD-201901-374
Trust: 0.7
db:VULHUBid:VHN-140045
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140045 // 
            
            
            
            BID: 106556 // 
            
            
            
            JVNDB: JVNDB-2019-001691 // 
            
            
            
            CNNVD: CNNVD-201901-374 // 
            
            
            
            NVD: CVE-2019-0014

REFERENCES
url:http://www.securityfocus.com/bid/106556
Trust: 2.3
url:https://kb.juniper.net/jsa10914
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0014
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0014
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10914
Trust: 0.3
sources:
            
            
            VULHUB: VHN-140045 // 
            
            
            
            BID: 106556 // 
            
            
            
            JVNDB: JVNDB-2019-001691 // 
            
            
            
            CNNVD: CNNVD-201901-374 // 
            
            
            
            NVD: CVE-2019-0014

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 106556

SOURCES
db:VULHUBid:VHN-140045
db:BIDid:106556
db:JVNDBid:JVNDB-2019-001691
db:CNNVDid:CNNVD-201901-374
db:NVDid:CVE-2019-0014

LAST UPDATE DATE
2024-11-23T22:58:46.974000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140045date:2020-07-22T00:00:00
db:BIDid:106556date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001691date:2019-03-22T00:00:00
db:CNNVDid:CNNVD-201901-374date:2019-10-17T00:00:00
db:NVDid:CVE-2019-0014date:2024-11-21T04:16:03.133

SOURCES RELEASE DATE
db:VULHUBid:VHN-140045date:2019-01-15T00:00:00
db:BIDid:106556date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2019-001691date:2019-03-22T00:00:00
db:CNNVDid:CNNVD-201901-374date:2019-01-11T00:00:00
db:NVDid:CVE-2019-0014date:2019-01-15T21:29:01.387