ID

VAR-201904-1493


CVE

CVE-2019-0031


TITLE

Juniper Networks Junos OS Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003359

DESCRIPTION

Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client. Affected releases are Juniper Networks Junos OS: 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2. Juniper Networks Junos OS contains a resource management vulnerability that may result in a service interruption (DoS) condition. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, effectively denying service to legitimate users. Juniper Networks Junos OS is a network operating system that Juniper Networks develops for its own hardware. The operating system provides a secure programming interface and the Junos SDK. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.

Trust: 1.98

sources: NVD: CVE-2019-0031 // JVNDB: JVNDB-2019-003359 // BID: 107874 // VULHUB: VHN-140062

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: lt, version: 18.1r2

Trust: 1.0

vendor: juniper, model: junos, scope: gte, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: gte, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: lt, version: 17.4r2

Trust: 1.0

vendor: juniper, model: junos os, scope: eq, version: 17.4r2

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 18.1r2

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 18.1

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 17.4

Trust: 0.8

vendor: juniper, model: junos 18.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 0.3

vendor: juniper, model: junos 17.4r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 0.3

vendor: juniper, model: junos 18.1r2, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 17.4r2, scope: ne, version: -

Trust: 0.3

sources: BID: 107874 // JVNDB: JVNDB-2019-003359 // NVD: CVE-2019-0031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0031
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0031
value: HIGH

Trust: 1.0

NVD: CVE-2019-0031
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-563
value: HIGH

Trust: 0.6

VULHUB: VHN-140062
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0031
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140062
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0031
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0031
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-0031
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140062 // JVNDB: JVNDB-2019-003359 // CNNVD: CNNVD-201904-563 // NVD: CVE-2019-0031 // NVD: CVE-2019-0031

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.1

problemtype:CWE-400

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-140062 // JVNDB: JVNDB-2019-003359 // NVD: CVE-2019-0031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-563

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201904-563

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003359

PATCH

title: JSA10920, url: https://kb.juniper.net/JSA10920

Trust: 0.8

title: Juniper Networks Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91378

Trust: 0.6

sources: JVNDB: JVNDB-2019-003359 // CNNVD: CNNVD-201904-563

EXTERNAL IDS

db: NVD, id: CVE-2019-0031

Trust: 2.8

db: JUNIPER, id: JSA10920

Trust: 2.0

db: BID, id: 107874

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003359

Trust: 0.8

db: CNNVD, id: CNNVD-201904-563

Trust: 0.7

db: AUSCERT, id: ESB-2019.1266

Trust: 0.6

db: VULHUB, id: VHN-140062

Trust: 0.1

sources: VULHUB: VHN-140062 // BID: 107874 // JVNDB: JVNDB-2019-003359 // CNNVD: CNNVD-201904-563 // NVD: CVE-2019-0031

REFERENCES

url:http://www.securityfocus.com/bid/107874

Trust: 2.3

url:https://kb.juniper.net/jsa10920

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-0031

Trust: 1.4

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.9

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10920&actp=rss

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0031

Trust: 0.8

url:http://kb.juniper.net/infocenter/index

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-jdhcpd-29009

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78978

Trust: 0.6

url:http://www.juniper.net/

Trust: 0.3

sources: VULHUB: VHN-140062 // BID: 107874 // JVNDB: JVNDB-2019-003359 // CNNVD: CNNVD-201904-563 // NVD: CVE-2019-0031

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 107874

SOURCES

db: VULHUB, id: VHN-140062
db: BID, id: 107874
db: JVNDB, id: JVNDB-2019-003359
db: CNNVD, id: CNNVD-201904-563
db: NVD, id: CVE-2019-0031

LAST UPDATE DATE

2024-08-14T13:26:39.695000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-140062, date: 2020-09-29T00:00:00
db: BID, id: 107874, date: 2019-04-10T00:00:00
db: JVNDB, id: JVNDB-2019-003359, date: 2019-05-15T00:00:00
db: CNNVD, id: CNNVD-201904-563, date: 2020-09-30T00:00:00
db: NVD, id: CVE-2019-0031, date: 2020-09-29T00:42:18.917

SOURCES RELEASE DATE

db: VULHUB, id: VHN-140062, date: 2019-04-10T00:00:00
db: BID, id: 107874, date: 2019-04-10T00:00:00
db: JVNDB, id: JVNDB-2019-003359, date: 2019-05-15T00:00:00
db: CNNVD, id: CNNVD-201904-563, date: 2019-04-10T00:00:00
db: NVD, id: CVE-2019-0031, date: 2019-04-10T20:29:00.490