Sign-up

ID

VAR-201904-1564


CVE

CVE-2019-0044


TITLE

Juniper Networks SRX5000 Input Confirmation Vulnerability in Series

Trust: 0.8

sources: JVNDB: JVNDB-2019-003347

DESCRIPTION

Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X46 versions prior to 12.1X46-D82; 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160. Juniper Networks SRX5000 The series contains an input validation vulnerability.Denial of service (DoS) May be in a state. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, effectively denying service to legitimate users. Junos OS is a set of network operating systems dedicated to the company's hardware devices. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.98

sources: NVD: CVE-2019-0044 // JVNDB: JVNDB-2019-003347 // BID: 107872 // VULHUB: VHN-140075

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.3

vendor:junipermodel:junos osscope:eqversion:12.1x46-d82

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x46

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48-d80

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3x48

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49-d160

Trust: 0.8

vendor:junipermodel:junos 15.1x49-d90scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d80scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d70scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d150scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d140scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d131scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d130scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d120scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d110scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d101scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d100scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d77scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d76scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d75scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d70scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d66scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d51scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d81scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d77scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d76scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d72scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d71scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d67scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d66scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d65scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d51scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d46scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d37scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d36scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20.5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos d10scope:eqversion:12.1x46

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d160scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d80scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d82scope:neversion: -

Trust: 0.3

sources: BID: 107872 // JVNDB: JVNDB-2019-003347 // NVD: CVE-2019-0044

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0044
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0044
value: HIGH

Trust: 1.0

NVD: CVE-2019-0044
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-545
value: HIGH

Trust: 0.6

VULHUB: VHN-140075
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0044
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140075
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2019-0044
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0044
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-140075 // JVNDB: JVNDB-2019-003347 // CNNVD: CNNVD-201904-545 // NVD: CVE-2019-0044 // NVD: CVE-2019-0044

PROBLEMTYPE DATA

problemtype:CWE-404

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-140075 // JVNDB: JVNDB-2019-003347 // NVD: CVE-2019-0044

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-545

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-545

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003347

PATCH
title:JSA10936url:https://kb.juniper.net/JSA10936
Trust: 0.8
title:Juniper Networks SRX5000 Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91360
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003347 // 
            
            
            
            CNNVD: CNNVD-201904-545

EXTERNAL IDS
db:NVDid:CVE-2019-0044
Trust: 2.8
db:JUNIPERid:JSA10936
Trust: 2.0
db:BIDid:107872
Trust: 2.0
db:JVNDBid:JVNDB-2019-003347
Trust: 0.8
db:CNNVDid:CNNVD-201904-545
Trust: 0.7
db:AUSCERTid:ESB-2019.1266
Trust: 0.6
db:VULHUBid:VHN-140075
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140075 // 
            
            
            
            BID: 107872 // 
            
            
            
            JVNDB: JVNDB-2019-003347 // 
            
            
            
            CNNVD: CNNVD-201904-545 // 
            
            
            
            NVD: CVE-2019-0044

REFERENCES
url:http://www.securityfocus.com/bid/107872
Trust: 2.3
url:https://kb.juniper.net/jsa10936
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0044
Trust: 1.4
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0044
Trust: 0.8
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10936&actp=rss2019-04
Trust: 0.6
url:http://kb.juniper.net/infocenter/index
Trust: 0.6
url:https://vigilance.fr/vulnerability/junos-os-srx5000-denial-of-service-via-fxp0-packet-29024
Trust: 0.6
url:https://www.auscert.org.au/bulletins/78978
Trust: 0.6
url:http://www.juniper.net/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10936&actp=rss 2019-04
Trust: 0.3
sources:
            
            
            VULHUB: VHN-140075 // 
            
            
            
            BID: 107872 // 
            
            
            
            JVNDB: JVNDB-2019-003347 // 
            
            
            
            CNNVD: CNNVD-201904-545 // 
            
            
            
            NVD: CVE-2019-0044

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 107872

SOURCES
db:VULHUBid:VHN-140075
db:BIDid:107872
db:JVNDBid:JVNDB-2019-003347
db:CNNVDid:CNNVD-201904-545
db:NVDid:CVE-2019-0044

LAST UPDATE DATE
2024-08-14T13:26:39.828000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140075date:2019-04-12T00:00:00
db:BIDid:107872date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-003347date:2019-05-15T00:00:00
db:CNNVDid:CNNVD-201904-545date:2021-10-29T00:00:00
db:NVDid:CVE-2019-0044date:2021-10-28T12:44:43.847

SOURCES RELEASE DATE
db:VULHUBid:VHN-140075date:2019-04-10T00:00:00
db:BIDid:107872date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-003347date:2019-05-15T00:00:00
db:CNNVDid:CNNVD-201904-545date:2019-04-10T00:00:00
db:NVDid:CVE-2019-0044date:2019-04-10T20:29:01.053