CVE-2019-0038 — Uncontrolled Resource Consumption in Networks Junos OS

CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation of Resources Without Limits or Throttling3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 55.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +2 more

Timeline

PublishedApr 10

Latest updateMay 13

Description

Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345; 17.3 on SRX340/SRX345; 17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345; 1…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5juniper_networks/junos_os15.1X49 — 15.1X49-D160+5

▶juniperjuniper/junos_space

▶NVDjuniper/junos6 versions+5

▶juniperjuniper/junos_os

▶juniperjuniper/srx_series

🔴Vulnerability Details

GHSA

GHSA-7w57-fc78-9x64: Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2019-0038: Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due↗2019-04-10

▶