CVE-2019-0013Networks Junos OS vulnerability

CWE-194 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 45.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Juniper Networks Junos OSJuniper JunosJuniper Junos OS
Timeline
PublishedJan 15
Latest updateMay 13

Description

The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue only affects IPv4 PIM. IPv6 PIM is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D77; 15.1 versions prior to 15.1F6-S10, 15.1R6-S6, 15.1R7; 15.1

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5juniper_networks/junos_os12.1X4612.1X46-D77+10
NVDjuniper/junos11 versions+10

Patches

Patch: kb.juniper.netPatch: kb.juniper.net

🔴Vulnerability Details

1
GHSA
GHSA-qp5g-9qv9-xxx2: The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received2022-05-13

📋Vendor Advisories

2
VMware
VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. (CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534)2019-09-16
Juniper
CVE-2019-0013: The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a2019-01-15
CVE-2019-0013 — Juniper Networks Junos OS vulnerability | cvebase