CVE-2019-0036 — Improper Access Control in Networks Junos OS

CWE-284 — Improper Access Control CWE-754 — Improper Check for Unusual or Exceptional Conditions3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 51.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedApr 10

Latest updateMay 13

Description

When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os14.1X53 — 14.1X53-D130, 14.1X53-D49+17

▶NVDjuniper/junos12.3+23

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-9p5g-vxgw-7483: When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2019-0036: When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silent↗2019-04-10

▶