CVE-2019-0028: Improper Resource Shutdown or Release in Networks Junos OS

Severity
7.5 HIGH (NVD)
EPSS
0.6%
top 31.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 10
Latest update: May 13

Description

On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly crash the RPD process causing prolonged denial of service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Netw

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 3 packages

CVEListV5 | juniper_networks/junos_os | 16.1 | 16.1R7 | +8
NVD | juniper/junos | 13 versions | +12

🔴Vulnerability Details

1
GHSA
GHSA-jwm3-pq76-qvr6: On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote pe
2022-05-13

📋Vendor Advisories

1
Juniper
CVE-2019-0028: On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote pe
2019-04-10