CVE-2019-0056Insufficient Resource Pool in Networks Junos OS

CWE-410Insufficient Resource PoolCWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 40.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Juniper Networks Junos OSJuniper JunosJuniper Junos OS
Timeline
PublishedOct 9
Latest updateMay 24

Description

This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relative

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5juniper_networks/junos_os18.118.1R2-S4, 18.1R3-S5+5
NVDjuniper/junos6 versions+5

🔴Vulnerability Details

1
GHSA
GHSA-mjmc-mxc5-2f3v: This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device2022-05-24

📋Vendor Advisories

1
Juniper
CVE-2019-0056: This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insuff2019-10-09
CVE-2019-0056 — Insufficient Resource Pool | cvebase