Details of VAR-201901-1633

ID

VAR-201901-1633

CVE

CVE-2019-0005

TITLE

Juniper Networks Junos OS Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-001364

DESCRIPTION

On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2. Juniper Networks Junos OS Contains a resource exhaustion vulnerability.Information may be tampered with. Juniper Junos is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Juniper EX2300 and others are all switch products of Juniper Networks (Juniper Networks). Junos OS is a set of operating systems running on it

Trust: 1.98

sources: NVD: CVE-2019-0005 // JVNDB: JVNDB-2019-001364 // BID: 106665 // VULHUB: VHN-140036

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	18.1	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	17.4	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	17.3	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	17.2	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	17.1	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	16.1	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x53	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53	Trust: 1.3
vendor:	juniper	model:	junos os	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos 18.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.4r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.3r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.3r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.1r2-s9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.1r2-s6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.1r2-s5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.1r2-s4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.1r2-s3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.1r2-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 16.1r6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 16.1r5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 16.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 16.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 16.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d70	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d68	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d67	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d66	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d65	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d64	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d63	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d62	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d60	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d59	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d58	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d57	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d55	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d49	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d48	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d47	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d35	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d33	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d31	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d233	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d232	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d231	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d230	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d105	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1r6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1r5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1r4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d45	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d44	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d42	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d35	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d34	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d28	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d26	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d18	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d16	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d12	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 18.1r2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.4r2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.3r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.2r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.1r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 17.1r2-s10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 16.1r7	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d591	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d234	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1r7	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d47	scope:	ne	version:	-	Trust: 0.3

sources: BID: 106665 // JVNDB: JVNDB-2019-001364 // NVD: CVE-2019-0005

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0005
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0005
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201901-366
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140036
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0005
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140036
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0005
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-0005
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-140036 // JVNDB: JVNDB-2019-001364 // CNNVD: CNNVD-201901-366 // NVD: CVE-2019-0005

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.1
problemtype:	CWE-400	Trust: 0.9

sources: VULHUB: VHN-140036 // JVNDB: JVNDB-2019-001364 // NVD: CVE-2019-0005

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-366

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201901-366

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001364

PATCH

title:	JSA10905	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10905&actp=METADATA	Trust: 0.8
title:	Multiple Juniper product Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88539	Trust: 0.6

sources: JVNDB: JVNDB-2019-001364 // CNNVD: CNNVD-201901-366

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0005	Trust: 2.8
db:	BID	id:	106665	Trust: 2.0
db:	JUNIPER	id:	JSA10905	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001364	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-366	Trust: 0.7
db:	VULHUB	id:	VHN-140036	Trust: 0.1

sources: VULHUB: VHN-140036 // BID: 106665 // JVNDB: JVNDB-2019-001364 // CNNVD: CNNVD-201901-366 // NVD: CVE-2019-0005

REFERENCES

url:	http://www.securityfocus.com/bid/106665	Trust: 2.3
url:	https://kb.juniper.net/jsa10905	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0005	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0005	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/us/en/products-services/nos/junos/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10905&cat=sirt_1&actp=list	Trust: 0.3

sources: VULHUB: VHN-140036 // BID: 106665 // JVNDB: JVNDB-2019-001364 // CNNVD: CNNVD-201901-366 // NVD: CVE-2019-0005

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106665

SOURCES

db:	VULHUB	id:	VHN-140036
db:	BID	id:	106665
db:	JVNDB	id:	JVNDB-2019-001364
db:	CNNVD	id:	CNNVD-201901-366
db:	NVD	id:	CVE-2019-0005

LAST UPDATE DATE

2024-11-23T22:48:30.020000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140036	date:	2020-08-24T00:00:00
db:	BID	id:	106665	date:	2019-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-001364	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201901-366	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0005	date:	2024-11-21T04:16:01.723

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140036	date:	2019-01-15T00:00:00
db:	BID	id:	106665	date:	2019-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-001364	date:	2019-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201901-366	date:	2019-01-11T00:00:00
db:	NVD	id:	CVE-2019-0005	date:	2019-01-15T21:29:00.963