CVE-2019-0007: Use of Insufficiently Random Values in Networks Junos OS

Severity
10.0 CRITICAL (NVD)
EPSS
0.5%
top 33.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 15
Latest update: May 13

Description

The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os | 15.1 | 15.1F5
NVD | juniper/junos | 15.1

🔴Vulnerability Details

1
GHSA
GHSA-87m6-hv55-49cw: The vMX Series software uses a predictable IP ID Sequence Number (2022-05-13)

💥Exploits & PoCs

1
Exploit-DB
VMware Workstation 15.1.0 - DLL Hijacking (2019-05-16)

📋Vendor Advisories

2
VMware
VMware Workstation update addresses a DLL-hijacking issue (CVE-2019-5526) (2019-05-14)
Juniper
CVE-2019-0007: The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible (2019-01-15)