CVE-2019-0012 — Networks Junos OS vulnerability

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedJan 15

Latest updateMay 13

Description

A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Network…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os12.1X46 — 12.1X46-D81+13

▶NVDjuniper/junos14 versions+13

▶juniperjuniper/junos_os

Patches

Patch: kb.juniper.net ↗Patch: kb.juniper.net ↗

🔴Vulnerability Details

GHSA

GHSA-7hpj-4392-mwjf: A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message↗2022-05-13

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities (CVE-2019-5521, CVE-2019-5684)↗2019-08-02

▶

Juniper

CVE-2019-0012: A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message↗2019-01-15

▶

💬Community

Bugzilla

CVE-2019-15554 rust-smallvec: Memory corruption in SmallVec::grow()↗2019-08-30

▶