ID

VAR-201904-1499


CVE

CVE-2019-0037


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003434

DESCRIPTION

In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process, causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1.

Juniper Networks Junos OS contains an input validation vulnerability. Exploitation may result in a denial-of-service (DoS) condition. Juniper Junos is prone to a remote denial-of-service vulnerability.

Juniper Networks Junos OS is the network operating system that Juniper Networks develops for its own hardware. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS. The following versions are affected: Juniper Networks Junos OS Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.2X75, Release 18.3.

Trust: 1.98

sources: NVD: CVE-2019-0037 // JVNDB: JVNDB-2019-003434 // BID: 107894 // VULHUB: VHN-140068

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49-d150

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x53-d59

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x53-d58

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x53-d57

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x53-d55

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2x75-d10

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x53-d52

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49-d30

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49-d60

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49-d160

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x53-d50

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x53-d51

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49-d140

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

vendor: juniper, model: junos 18.2x75-d20, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 18.2x75-d10, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos, scope: eq, version: 18.2x75

Trust: 0.3

vendor: juniper, model: junos 18.2r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 18.1r3-s1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 18.1r3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 18.1r2-s3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 18.1r2-s2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 18.1r2-s1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.4r2-s2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.4r2-s1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.4r1-s5, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.4r1-s4, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.4r1-s1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.3r3-s2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.3r3-s1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.2r3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.2r1-s7, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.2r1-s5, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.2r1-s3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.2r1-s1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.2r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s9, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s7, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s6, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s5, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s4, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.2r2-s7, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.2r2-s6, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.2r2-s5, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.2r2-s2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r7-s3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r7-s2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r7-s1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r4-s1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r3-s9, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r3-s8, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r3-s6, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r3-s4, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r3-s3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d495, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d235, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d234, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d233, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d232, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d231, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d230, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d160, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d150, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d140, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d131, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d130, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d120, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d110, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d101, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d100, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r7-s2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r7-s1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1f6-s10, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 18.4r1, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 18.3r1-s2, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 18.2x75-d30, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 18.2r2, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 18.1r3-s2, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 18.1r2-s4, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 17.4r2-s3, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 17.4r1-s6, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 17.3r3-s3, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 17.2r3-s1, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 17.2r1-s8, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r3, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 17.1r2-s10, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 16.2r2-s8, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r7-s4, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r3-s10, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d496, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d236, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d180, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d171, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r7-s3, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1f6-s12, scope: ne, version: -

Trust: 0.3

sources: BID: 107894 // JVNDB: JVNDB-2019-003434 // NVD: CVE-2019-0037

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0037
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0037
value: HIGH

Trust: 1.0

NVD: CVE-2019-0037
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-549
value: HIGH

Trust: 0.6

VULHUB: VHN-140068
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0037
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140068
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0037
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0037
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-0037
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140068 // JVNDB: JVNDB-2019-003434 // CNNVD: CNNVD-201904-549 // NVD: CVE-2019-0037 // NVD: CVE-2019-0037

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-140068 // JVNDB: JVNDB-2019-003434 // NVD: CVE-2019-0037

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-549

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-549

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003434

PATCH

title: JSA10926, url: https://kb.juniper.net/JSA10926

Trust: 0.8

title: Juniper Networks Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91364

Trust: 0.6

sources: JVNDB: JVNDB-2019-003434 // CNNVD: CNNVD-201904-549

EXTERNAL IDS

db: NVD, id: CVE-2019-0037

Trust: 2.8

db: JUNIPER, id: JSA10926

Trust: 2.0

db: BID, id: 107894

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003434

Trust: 0.8

db: CNNVD, id: CNNVD-201904-549

Trust: 0.7

db: AUSCERT, id: ESB-2019.1266

Trust: 0.6

db: VULHUB, id: VHN-140068

Trust: 0.1

sources: VULHUB: VHN-140068 // BID: 107894 // JVNDB: JVNDB-2019-003434 // CNNVD: CNNVD-201904-549 // NVD: CVE-2019-0037

REFERENCES

url:http://www.securityfocus.com/bid/107894

Trust: 2.3

url:https://kb.juniper.net/jsa10926

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-0037

Trust: 1.4

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.9

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10926&actp=rss

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0037

Trust: 0.8

url:http://kb.juniper.net/infocenter/index

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-jdhcpd-dhcpv6-solicit-29015

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78978

Trust: 0.6

url:http://www.juniper.net/

Trust: 0.3

sources: VULHUB: VHN-140068 // BID: 107894 // JVNDB: JVNDB-2019-003434 // CNNVD: CNNVD-201904-549 // NVD: CVE-2019-0037

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 107894

SOURCES

db: VULHUB, id: VHN-140068
db: BID, id: 107894
db: JVNDB, id: JVNDB-2019-003434
db: CNNVD, id: CNNVD-201904-549
db: NVD, id: CVE-2019-0037

LAST UPDATE DATE

2024-08-14T13:26:39.753000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-140068, date: 2019-10-09T00:00:00
db: BID, id: 107894, date: 2019-04-10T00:00:00
db: JVNDB, id: JVNDB-2019-003434, date: 2019-05-16T00:00:00
db: CNNVD, id: CNNVD-201904-549, date: 2022-04-19T00:00:00
db: NVD, id: CVE-2019-0037, date: 2022-04-18T17:32:44.023

SOURCES RELEASE DATE

db: VULHUB, id: VHN-140068, date: 2019-04-10T00:00:00
db: BID, id: 107894, date: 2019-04-10T00:00:00
db: JVNDB, id: JVNDB-2019-003434, date: 2019-05-16T00:00:00
db: CNNVD, id: CNNVD-201904-549, date: 2019-04-10T00:00:00
db: NVD, id: CVE-2019-0037, date: 2019-04-10T20:29:00.787