CVE-2019-0014Networks Junos OS vulnerability

CWE-194 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 35.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Juniper Networks Junos OSJuniper JunosJuniper Junos OS+1 more
Timeline
PublishedJan 15
Latest updateMay 13

Description

On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior t

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5juniper_networks/junos_os17.417.4R2-S1, 17.4R3+3
NVDjuniper/junos17.2x75, 17.4, 18.2+2

Patches

Patch: kb.juniper.netPatch: kb.juniper.net

🔴Vulnerability Details

1
GHSA
GHSA-4xc8-4pxw-5m97: On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all inte2022-05-13

📋Vendor Advisories

2
VMware
VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities. (CVE-2019-5527, CVE-2019-5535)2019-09-19
Juniper
CVE-2019-0014: On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all inte2019-01-15
CVE-2019-0014 — Juniper Networks Junos OS vulnerability | cvebase