CVE-2019-0011: Juniper Networks Junos OS vulnerability

5 documents, 5 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 58.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 15; Latest update Apr 30

Description

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 17.2X75 versions prior to 17.2X7

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | juniper_networks/junos_os | 17.2 | 17.2R1-S7, 17.2R3 | +4
NVD | juniper/junos | 5 versions | +4

🔴 Vulnerability Details (1)

GHSA (2022-04-30)
GHSA-cx8m-q3j5-7c8p: The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destine

📋 Vendor Advisories (2)

VMware (2019-07-09)
ESXi patches address partial denial of service vulnerability in hostd process (CVE-2019-5528)

Juniper (2019-01-15)
CVE-2019-0011: The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destine

💬 Community (1)

Bugzilla (2019-08-30)
CVE-2019-15553 rust-memoffset: offset_of and span_of causing exposure of uninitialized memory