Details of VAR-201904-1501

ID

VAR-201904-1501

CVE

CVE-2019-0041

TITLE

Juniper Networks EX4300-MP Junos OS Security Feature Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-13845 // CNNVD: CNNVD-201904-546

DESCRIPTION

On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices. JunosOS is a network operating system dedicated to the company's hardware devices. A security vulnerability exists in the JunosOS 18.2 version of the Juniper Networks EX4300-MP. An attacker can exploit this issue to cause a denial-of-service condition, effectively denying service to legitimate users. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products

Trust: 2.52

sources: NVD: CVE-2019-0041 // JVNDB: JVNDB-2019-003345 // CNVD: CNVD-2019-13845 // BID: 108490 // VULHUB: VHN-140072

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-13845

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	18.2	Trust: 1.3
vendor:	juniper	model:	junos os	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	networks junos os	scope:	eq	version:	18.2	Trust: 0.6
vendor:	juniper	model:	junos 18.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 18.2r2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 18.2r1-s2	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2019-13845 // BID: 108490 // JVNDB: JVNDB-2019-003345 // NVD: CVE-2019-0041

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0041
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2019-0041
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0041
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-13845
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201904-546
value:	HIGH
Trust: 0.6
VULHUB:	VHN-140072
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0041
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-13845
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-140072
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0041
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
sirt@juniper.net:	CVE-2019-0041
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.0
Trust: 1.0
NVD:	CVE-2019-0041
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-13845 // VULHUB: VHN-140072 // JVNDB: JVNDB-2019-003345 // CNNVD: CNNVD-201904-546 // NVD: CVE-2019-0041 // NVD: CVE-2019-0041

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-254	Trust: 0.9

sources: VULHUB: VHN-140072 // JVNDB: JVNDB-2019-003345 // NVD: CVE-2019-0041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-546

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-546

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003345

PATCH

title:	JSA10933	url:	https://kb.juniper.net/JSA10933	Trust: 0.8
title:	JuniperNetworksEX4300-MPJunosOS Security Feature Issue Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/160975	Trust: 0.6
title:	Juniper Networks EX4300-MP Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91361	Trust: 0.6

sources: CNVD: CNVD-2019-13845 // JVNDB: JVNDB-2019-003345 // CNNVD: CNNVD-201904-546

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0041	Trust: 3.4
db:	JUNIPER	id:	JSA10933	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-003345	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-546	Trust: 0.7
db:	CNVD	id:	CNVD-2019-13845	Trust: 0.6
db:	NSFOCUS	id:	43518	Trust: 0.6
db:	BID	id:	108490	Trust: 0.3
db:	VULHUB	id:	VHN-140072	Trust: 0.1

sources: CNVD: CNVD-2019-13845 // VULHUB: VHN-140072 // BID: 108490 // JVNDB: JVNDB-2019-003345 // CNNVD: CNNVD-201904-546 // NVD: CVE-2019-0041

REFERENCES

url:	https://kb.juniper.net/jsa10933	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0041	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0041	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/43518	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-ex4300-mp-information-disclosure-via-transit-network-traffic-control-plane-29022	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/us/en/products-services/nos/junos/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10933	Trust: 0.3

sources: CNVD: CNVD-2019-13845 // VULHUB: VHN-140072 // BID: 108490 // JVNDB: JVNDB-2019-003345 // CNNVD: CNNVD-201904-546 // NVD: CVE-2019-0041

CREDITS

Juniper ?? ??

Trust: 0.6

sources: CNNVD: CNNVD-201904-546

SOURCES

db:	CNVD	id:	CNVD-2019-13845
db:	VULHUB	id:	VHN-140072
db:	BID	id:	108490
db:	JVNDB	id:	JVNDB-2019-003345
db:	CNNVD	id:	CNNVD-201904-546
db:	NVD	id:	CVE-2019-0041

LAST UPDATE DATE

2024-08-14T15:12:49.886000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-13845	date:	2019-05-13T00:00:00
db:	VULHUB	id:	VHN-140072	date:	2020-09-29T00:00:00
db:	BID	id:	108490	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-003345	date:	2019-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201904-546	date:	2020-09-30T00:00:00
db:	NVD	id:	CVE-2019-0041	date:	2020-09-29T00:32:14.097

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-13845	date:	2019-05-13T00:00:00
db:	VULHUB	id:	VHN-140072	date:	2019-04-10T00:00:00
db:	BID	id:	108490	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-003345	date:	2019-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201904-546	date:	2019-04-10T00:00:00
db:	NVD	id:	CVE-2019-0041	date:	2019-04-10T20:29:00.943