ID

VAR-201907-1600


CVE

CVE-2019-0046


TITLE

Juniper Networks Junos Vulnerabilities related to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-006593

DESCRIPTION

A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. A reboot of the device is required to restore service. Continued receipt of these valid broadcast packets will create a sustained Denial of Service (DoS) against the device. Affected releases are Juniper Networks Junos OS: 16.1 versions above and including 16.1R1 prior to 16.1R7-S5; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. Juniper Networks Junos Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK

Trust: 1.98

sources: NVD: CVE-2019-0046 // JVNDB: JVNDB-2019-006593 // BID: 109272 // VULHUB: VHN-140077

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.3

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 18.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r3-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.2r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.3r3-s2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7-s5scope:neversion: -

Trust: 0.3

sources: BID: 109272 // JVNDB: JVNDB-2019-006593 // NVD: CVE-2019-0046

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0046
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2019-0046
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0046
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201907-626
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140077
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0046
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140077
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2019-0046
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0046
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-140077 // JVNDB: JVNDB-2019-006593 // CNNVD: CNNVD-201907-626 // NVD: CVE-2019-0046 // NVD: CVE-2019-0046

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-140077 // JVNDB: JVNDB-2019-006593 // NVD: CVE-2019-0046

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201907-626

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201907-626

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006593

PATCH

title:JSA10938url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10938&actp=METADATA

Trust: 0.8

title:Juniper Networks Junos OS Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95171

Trust: 0.6

sources: JVNDB: JVNDB-2019-006593 // CNNVD: CNNVD-201907-626

EXTERNAL IDS

db:NVDid:CVE-2019-0046

Trust: 2.8

db:BIDid:109272

Trust: 2.0

db:JUNIPERid:JSA10938

Trust: 2.0

db:JVNDBid:JVNDB-2019-006593

Trust: 0.8

db:CNNVDid:CNNVD-201907-626

Trust: 0.7

db:AUSCERTid:ESB-2019.2559

Trust: 0.6

db:VULHUBid:VHN-140077

Trust: 0.1

sources: VULHUB: VHN-140077 // BID: 109272 // JVNDB: JVNDB-2019-006593 // CNNVD: CNNVD-201907-626 // NVD: CVE-2019-0046

REFERENCES

url:http://www.securityfocus.com/bid/109272

Trust: 1.7

url:https://kb.juniper.net/jsa10938

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-0046

Trust: 1.4

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.9

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10938&cat=sirt_1&actp=list&showdraft=false

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0046

Trust: 0.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10938

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2559/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-ex4300-management-interface-29741

Trust: 0.6

url:http://www.juniper.net/

Trust: 0.3

sources: VULHUB: VHN-140077 // BID: 109272 // JVNDB: JVNDB-2019-006593 // CNNVD: CNNVD-201907-626 // NVD: CVE-2019-0046

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 109272

SOURCES

db:VULHUBid:VHN-140077
db:BIDid:109272
db:JVNDBid:JVNDB-2019-006593
db:CNNVDid:CNNVD-201907-626
db:NVDid:CVE-2019-0046

LAST UPDATE DATE

2024-08-14T13:26:06.475000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-140077date:2019-10-09T00:00:00
db:BIDid:109272date:2019-07-10T00:00:00
db:JVNDBid:JVNDB-2019-006593date:2019-07-24T00:00:00
db:CNNVDid:CNNVD-201907-626date:2019-07-22T00:00:00
db:NVDid:CVE-2019-0046date:2021-02-25T15:58:00.347

SOURCES RELEASE DATE

db:VULHUBid:VHN-140077date:2019-07-11T00:00:00
db:BIDid:109272date:2019-07-10T00:00:00
db:JVNDBid:JVNDB-2019-006593date:2019-07-24T00:00:00
db:CNNVDid:CNNVD-201907-626date:2019-07-11T00:00:00
db:NVDid:CVE-2019-0046date:2019-07-11T20:15:11.177