CVE-2019-0037 — Networks Junos OS vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 25.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedApr 10

Latest updateMay 13

Description

In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D17…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os15.1 — 15.1F6-S12, 15.1R7-S3+12

▶NVDjuniper/junos23 versions+22

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-g767-h356-7hx2: In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solici↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2019-0037: In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solici↗2019-04-10

▶