Details of VAR-201910-1654

ID

VAR-201910-1654

CVE

CVE-2019-0067

TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011018

DESCRIPTION

Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3. This issue does not affect Juniper Networks Junos OS version 15.1 and prior versions. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.71

sources: NVD: CVE-2019-0067 // JVNDB: JVNDB-2019-011018 // VULHUB: VHN-140098

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	17.1	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.2	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-011018 // CNNVD: CNNVD-201910-585 // NVD: CVE-2019-0067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0067
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2019-0067
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0067
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201910-585
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-140098
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0067
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140098
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0067
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2019-0067
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-140098 // JVNDB: JVNDB-2019-011018 // CNNVD: CNNVD-201910-585 // NVD: CVE-2019-0067 // NVD: CVE-2019-0067

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-140098 // JVNDB: JVNDB-2019-011018 // NVD: CVE-2019-0067

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201910-585

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-585

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011018

PATCH

title:	JSA10966	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10966&actp=METADATA	Trust: 0.8
title:	Juniper Networks Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99229	Trust: 0.6

sources: JVNDB: JVNDB-2019-011018 // CNNVD: CNNVD-201910-585

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0067	Trust: 2.5
db:	JUNIPER	id:	JSA10966	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-011018	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-585	Trust: 0.7
db:	VULHUB	id:	VHN-140098	Trust: 0.1

sources: VULHUB: VHN-140098 // JVNDB: JVNDB-2019-011018 // CNNVD: CNNVD-201910-585 // NVD: CVE-2019-0067

REFERENCES

url:	https://kb.juniper.net/jsa10966	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0067	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0067	Trust: 0.8
url:	https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-link-local-ipv6-mc-lag-30583	Trust: 0.6

sources: VULHUB: VHN-140098 // JVNDB: JVNDB-2019-011018 // CNNVD: CNNVD-201910-585 // NVD: CVE-2019-0067

SOURCES

db:	VULHUB	id:	VHN-140098
db:	JVNDB	id:	JVNDB-2019-011018
db:	CNNVD	id:	CNNVD-201910-585
db:	NVD	id:	CVE-2019-0067

LAST UPDATE DATE

2024-08-14T13:55:02.848000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140098	date:	2019-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-011018	date:	2019-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-585	date:	2019-11-07T00:00:00
db:	NVD	id:	CVE-2019-0067	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140098	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-011018	date:	2019-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-585	date:	2019-10-09T00:00:00
db:	NVD	id:	CVE-2019-0067	date:	2019-10-09T20:15:17.723