Sign-up

ID

VAR-201910-1698


CVE

CVE-2019-0066


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011019

DESCRIPTION

An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Juniper Networks Junos OS Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3

Trust: 1.71

sources: NVD: CVE-2019-0066 // JVNDB: JVNDB-2019-011019 // VULHUB: VHN-140097

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-011019 // NVD: CVE-2019-0066

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0066
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0066
value: HIGH

Trust: 1.0

NVD: CVE-2019-0066
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-584
value: HIGH

Trust: 0.6

VULHUB: VHN-140097
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0066
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2019-0066
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-140097
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0066
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2019-0066
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140097 // JVNDB: JVNDB-2019-011019 // CNNVD: CNNVD-201910-584 // NVD: CVE-2019-0066 // NVD: CVE-2019-0066

PROBLEMTYPE DATA

problemtype:CWE-394

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-140097 // JVNDB: JVNDB-2019-011019 // NVD: CVE-2019-0066

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-584

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-584

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011019

PATCH
title:JSA10965url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10965&actp=METADATA
Trust: 0.8
title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99228
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-011019 // 
            
            
            
            CNNVD: CNNVD-201910-584

EXTERNAL IDS
db:NVDid:CVE-2019-0066
Trust: 2.5
db:JUNIPERid:JSA10965
Trust: 1.7
db:JVNDBid:JVNDB-2019-011019
Trust: 0.8
db:CNNVDid:CNNVD-201910-584
Trust: 0.7
db:VULHUBid:VHN-140097
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140097 // 
            
            
            
            JVNDB: JVNDB-2019-011019 // 
            
            
            
            CNNVD: CNNVD-201910-584 // 
            
            
            
            NVD: CVE-2019-0066

REFERENCES
url:https://kb.juniper.net/jsa10965
Trust: 1.7
url:https://www.juniper.net/documentation/en_us/junos/topics/task/configuration/ng-mvpn-services-enabling.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0066
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0066
Trust: 0.8
url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-ipv4-ng-mvpn-30582
Trust: 0.6
sources:
            
            
            VULHUB: VHN-140097 // 
            
            
            
            JVNDB: JVNDB-2019-011019 // 
            
            
            
            CNNVD: CNNVD-201910-584 // 
            
            
            
            NVD: CVE-2019-0066

SOURCES
db:VULHUBid:VHN-140097
db:JVNDBid:JVNDB-2019-011019
db:CNNVDid:CNNVD-201910-584
db:NVDid:CVE-2019-0066

LAST UPDATE DATE
2024-08-14T15:17:52.658000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140097date:2019-10-18T00:00:00
db:JVNDBid:JVNDB-2019-011019date:2019-10-28T00:00:00
db:CNNVDid:CNNVD-201910-584date:2021-10-29T00:00:00
db:NVDid:CVE-2019-0066date:2021-10-28T12:25:10.277

SOURCES RELEASE DATE
db:VULHUBid:VHN-140097date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-011019date:2019-10-28T00:00:00
db:CNNVDid:CNNVD-201910-584date:2019-10-09T00:00:00
db:NVDid:CVE-2019-0066date:2019-10-09T20:15:17.630