Sign-up

ID

VAR-201904-1500


CVE

CVE-2019-0040


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003431

DESCRIPTION

On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface (e.g. fxp0) thus disclosing internal addressing and existence of the management interface itself. A high rate of crafted packets destined to port 111 may also lead to a partial Denial of Service (DoS). Note: Systems with fxp0 disabled or unconfigured are not vulnerable to this issue. This issue only affects Junos OS releases based on FreeBSD 10 or higher (typically Junos OS 15.1+). Administrators can confirm whether systems are running a version of Junos OS based on FreeBSD 10 or higher by typing: user@junos> show version | match kernel JUNOS OS Kernel 64-bit [20181214.223829_fbsd-builder_stable_10] Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D236; 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8; 17.3 versions prior to 17.3R2; 17.4 versions prior to 17.4R1-S1, 17.4R1-S7, 17.4R2. This issue does not affect Junos OS releases prior to 15.1. Juniper Networks Junos OS Contains an input validation vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Juniper Junos is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Networks Junos OS. The following releases are affected: Juniper Networks Junos OS Release 15.1, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4

Trust: 1.98

sources: NVD: CVE-2019-0040 // JVNDB: JVNDB-2019-003431 // BID: 107902 // VULHUB: VHN-140071

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.3

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 17.4r1-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d70scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d69scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d68scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d67scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d66scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d65scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d64scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d63scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d62scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d59scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d58scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d57scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d49scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d48scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d47scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d33scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d31scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d235scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d234scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d233scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d232scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d231scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d230scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d105scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.3r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d236scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s12scope:neversion: -

Trust: 0.3

sources: BID: 107902 // JVNDB: JVNDB-2019-003431 // NVD: CVE-2019-0040

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0040
value: CRITICAL

Trust: 1.0

sirt@juniper.net: CVE-2019-0040
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0040
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201904-551
value: CRITICAL

Trust: 0.6

VULHUB: VHN-140071
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0040
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140071
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0040
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0040
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: CVE-2019-0040
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140071 // JVNDB: JVNDB-2019-003431 // CNNVD: CNNVD-201904-551 // NVD: CVE-2019-0040 // NVD: CVE-2019-0040

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-140071 // JVNDB: JVNDB-2019-003431 // NVD: CVE-2019-0040

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-551

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-551

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003431

PATCH
title:JSA10929url:https://kb.juniper.net/JSA10929
Trust: 0.8
title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91366
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003431 // 
            
            
            
            CNNVD: CNNVD-201904-551

EXTERNAL IDS
db:NVDid:CVE-2019-0040
Trust: 2.8
db:JUNIPERid:JSA10929
Trust: 2.0
db:BIDid:107902
Trust: 2.0
db:JVNDBid:JVNDB-2019-003431
Trust: 0.8
db:CNNVDid:CNNVD-201904-551
Trust: 0.7
db:VULHUBid:VHN-140071
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140071 // 
            
            
            
            BID: 107902 // 
            
            
            
            JVNDB: JVNDB-2019-003431 // 
            
            
            
            CNNVD: CNNVD-201904-551 // 
            
            
            
            NVD: CVE-2019-0040

REFERENCES
url:http://www.securityfocus.com/bid/107902
Trust: 2.3
url:https://kb.juniper.net/jsa10929
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0040
Trust: 1.4
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.9
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10929
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0040
Trust: 0.8
url:https://vigilance.fr/vulnerability/junos-os-information-disclosure-via-rpc-29018
Trust: 0.6
url:http://www.juniper.net/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-140071 // 
            
            
            
            BID: 107902 // 
            
            
            
            JVNDB: JVNDB-2019-003431 // 
            
            
            
            CNNVD: CNNVD-201904-551 // 
            
            
            
            NVD: CVE-2019-0040

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 107902

SOURCES
db:VULHUBid:VHN-140071
db:BIDid:107902
db:JVNDBid:JVNDB-2019-003431
db:CNNVDid:CNNVD-201904-551
db:NVDid:CVE-2019-0040

LAST UPDATE DATE
2024-08-14T15:02:21.908000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140071date:2020-09-29T00:00:00
db:BIDid:107902date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-003431date:2019-05-16T00:00:00
db:CNNVDid:CNNVD-201904-551date:2020-09-30T00:00:00
db:NVDid:CVE-2019-0040date:2020-09-29T00:32:56.240

SOURCES RELEASE DATE
db:VULHUBid:VHN-140071date:2019-04-10T00:00:00
db:BIDid:107902date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-003431date:2019-05-16T00:00:00
db:CNNVDid:CNNVD-201904-551date:2019-04-10T00:00:00
db:NVDid:CVE-2019-0040date:2019-04-10T20:29:00.897