cvelist/2019/0xxx/CVE-2019-0046.json

{
   "CVE_data_meta": {
      "ASSIGNER": "sirt@juniper.net",
      "DATE_PUBLIC": "2019-07-10T16:00:00.000Z",
      "ID": "CVE-2019-0046",
      "STATE": "PUBLIC",
      "TITLE": "Junos OS: EX4300 Series: Denial of Service upon receipt of large number of specific valid packets on management interface."
   },
   "affects": {
      "vendor": {
         "vendor_data": [
            {
               "product": {
                  "product_data": [
                     {
                        "product_name": "Junos OS",
                        "version": {
                           "version_data": [
                              {
                                 "version_affected": ">=",
                                 "version_name": "16.1",
                                 "version_value": "16.1R1"
                              },
                              {
                                 "version_affected": "<",
                                 "version_name": "17.1",
                                 "version_value": "17.1R3"
                              },
                              {
                                 "version_affected": "<",
                                 "version_name": "17.2",
                                 "version_value": "17.2R3"
                              },
                              {
                                 "version_affected": "<",
                                 "version_name": "17.3",
                                 "version_value": "17.3R3-S2"
                              },
                              {
                                 "version_affected": "<",
                                 "version_name": "17.4",
                                 "version_value": "17.4R2"
                              },
                              {
                                 "version_affected": "<",
                                 "version_name": "18.1",
                                 "version_value": "18.1R3"
                              },
                              {
                                 "version_affected": "<",
                                 "version_name": "18.2",
                                 "version_value": "18.2R2"
                              },
                              {
                                 "version_affected": "<",
                                 "version_name": "16.1",
                                 "version_value": "16.1R7-S5"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name": "Juniper Networks"
            }
         ]
      }
   },
   "configuration": [
      {
         "lang": "eng",
         "value": "The following minimal configuration is required:\n  set interfaces me0"
      }
   ],
   "data_format": "MITRE",
   "data_type": "CVE",
   "data_version": "4.0",
   "description": {
      "description_data": [
         {
            "lang": "eng",
            "value": "A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. A reboot of the device is required to restore service. Continued receipt of these valid broadcast packets will create a sustained Denial of Service (DoS) against the device.\n\nAffected releases are Juniper Networks Junos OS:\n16.1 versions above and including 16.1R1 prior to 16.1R7-S5;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R3;\n17.3 versions prior to 17.3R3-S2;\n17.4 versions prior to 17.4R2;\n18.1 versions prior to 18.1R3;\n18.2 versions prior to 18.2R2."
         }
      ]
   },
   "exploit": [
      {
         "lang": "eng",
         "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
      }
   ],
   "generator": {
      "engine": "Vulnogram 0.0.6"
   },
   "impact": {
      "cvss": {
         "attackComplexity": "LOW",
         "attackVector": "ADJACENT_NETWORK",
         "availabilityImpact": "HIGH",
         "baseScore": 6.5,
         "baseSeverity": "MEDIUM",
         "confidentialityImpact": "NONE",
         "integrityImpact": "NONE",
         "privilegesRequired": "NONE",
         "scope": "UNCHANGED",
         "userInteraction": "NONE",
         "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
         "version": "3.0"
      }
   },
   "problemtype": {
      "problemtype_data": [
         {
            "description": [
               {
                  "lang": "eng",
                  "value": "CWE-400 Uncontrolled Resource Consumption"
               }
            ]
         }
      ]
   },
   "references": {
      "reference_data": [
         {
            "name": "https://kb.juniper.net/JSA10938",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/JSA10938"
         }
      ]
   },
   "solution": [
      {
         "lang": "eng",
         "value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S5, 17.1R3, 17.2R3, 17.3R3-S2, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.\n"
      }
   ],
   "source": {
      "advisory": "JSA10938",
      "defect": [
         "1329430"
      ],
      "discovery": "USER"
   },
   "work_around": [
      {
         "lang": "eng",
         "value": "There are no viable workarounds for this issue."
      }
   ]
}
- Synchronized data. 2018-10-11 10:06:06 -04:00			`{`
CVE assignments in Juniper July 2019 advisory bundle. 2019-07-10 15:42:52 -04:00			`"CVE_data_meta": {`
			`"ASSIGNER": "sirt@juniper.net",`
			`"DATE_PUBLIC": "2019-07-10T16:00:00.000Z",`
			`"ID": "CVE-2019-0046",`
			`"STATE": "PUBLIC",`
			`"TITLE": "Junos OS: EX4300 Series: Denial of Service upon receipt of large number of specific valid packets on management interface."`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
"-Synchronized-Data." 2019-03-18 01:13:32 +00:00			`{`
CVE assignments in Juniper July 2019 advisory bundle. 2019-07-10 15:42:52 -04:00			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Junos OS",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": ">=",`
			`"version_name": "16.1",`
			`"version_value": "16.1R1"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "17.1",`
			`"version_value": "17.1R3"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "17.2",`
			`"version_value": "17.2R3"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "17.3",`
			`"version_value": "17.3R3-S2"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "17.4",`
			`"version_value": "17.4R2"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "18.1",`
			`"version_value": "18.1R3"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "18.2",`
			`"version_value": "18.2R2"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "16.1",`
			`"version_value": "16.1R7-S5"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Juniper Networks"`
"-Synchronized-Data." 2019-03-18 01:13:32 +00:00			`}`
CVE assignments in Juniper July 2019 advisory bundle. 2019-07-10 15:42:52 -04:00			`]`
			`}`
			`},`
			`"configuration": [`
			`{`
			`"lang": "eng",`
			`"value": "The following minimal configuration is required:\n set interfaces me0"`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			"value": "A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of the EX4300 Series device. A reboot of the device is required to restore service. Continued receipt of these valid broadcast packets will create a sustained Denial of Service (DoS) against the device.\n\nAffected releases are Juniper Networks Junos OS:\n16.1 versions above and including 16.1R1 prior to 16.1R7-S5;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R3;\n17.3 versions prior to 17.3R3-S2;\n17.4 versions prior to 17.4R2;\n18.1 versions prior to 18.1R3;\n18.2 versions prior to 18.2R2."
			`}`
			`]`
			`},`
			`"exploit": [`
			`{`
			`"lang": "eng",`
			`"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."`
			`}`
			`],`
			`"generator": {`
			`"engine": "Vulnogram 0.0.6"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-400 Uncontrolled Resource Consumption"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://kb.juniper.net/JSA10938",`
			`"refsource": "CONFIRM",`
			`"url": "https://kb.juniper.net/JSA10938"`
			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S5, 17.1R3, 17.2R3, 17.3R3-S2, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.\n"`
			`}`
			`],`
			`"source": {`
			`"advisory": "JSA10938",`
			`"defect": [`
			`"1329430"`
			`],`
			`"discovery": "USER"`
			`},`
			`"work_around": [`
			`{`
			`"lang": "eng",`
			`"value": "There are no viable workarounds for this issue."`
			`}`
			`]`
"-Synchronized-Data." 2019-03-18 01:13:32 +00:00			`}`