CVE-2019-0043 — Improper Resource Shutdown or Release in Networks Junos OS

CWE-404 — Improper Resource Shutdown or Release3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 40.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +2 more

Timeline

PublishedApr 10

Latest updateMay 13

Description

In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS : 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 ve…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶juniperjuniper/qfx_series

▶juniperjuniper/srx_series

▶CVEListV5juniper_networks/junos_os12.1X46 — 12.1X46-D77+21

▶NVDjuniper/junos18 versions+17

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-32x2-f5q9-2h3f: In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2019-0043: In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously send↗2019-04-10

▶