CVE-2019-0019Improper Resource Shutdown or Release in Networks Junos OS

CWE-404Improper Resource Shutdown or Release4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 34.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Juniper Networks Junos OSJuniper JunosJuniper Junos OS
Timeline
PublishedApr 10
Latest updateMay 13

Description

When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5juniper_networks/junos_os16.116.1R7-S4, 16.1R7-S5+10
NVDjuniper/junos10 versions+9

🔴Vulnerability Details

1
GHSA
GHSA-mpq6-qrw3-g58q: When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart2022-05-13

📋Vendor Advisories

2
VMware
VMware ESXi, Workstation and Fusion updates address a denial-of-service vulnerability (CVE-2019-5536)2019-10-24
Juniper
CVE-2019-0019: When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd resta2019-04-10
CVE-2019-0019 — Improper Resource Shutdown or Release | cvebase