admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1870 from Juniper/juniper-2019-04-10

Browse Source 
CVE IDs assigned in Juniper Security Advisories for April 2019.
This commit is contained in:
CVE Team 2019-04-10 16:13:56 -04:00 committed by GitHub
commit 4c2e51013f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 2624 additions and 228 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
2019/0xxx/CVE-2019-0008.json
View File

@ -1,8 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0008",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "QFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "=",
"version_name": "14.1X53",
"version_value": "14.1X53"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D235"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S2, 17.3R4"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S1, 17.4R3"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S1, 18.1R4"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D30"
},
{
"platform": "QFX5000 series, EX4300, EX4600",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +92,73 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution.\nAffected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are:\n14.1X53;\n15.1X53 versions prior to 15.1X53-D235;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R3;\n17.3 versions prior to 17.3R3-S2, 17.3R4;\n17.4 versions prior to 17.4R2-S1, 17.4R3;\n18.1 versions prior to 18.1R3-S1, 18.1R4;\n18.2 versions prior to 18.2R2;\n18.2X75 versions prior to 18.2X75-D30;\n18.3 versions prior to 18.3R2."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack based buffer overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10930",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10930"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 15.1X53-D235, 17.1R3, 17.2R3, 17.3R3-S2, 17.3R4, 17.4R2-S1, 17.4R3, 18.1R3-S1, 18.1R4, 18.2R2, 18.2X75-D30, 18.3R2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10930",
"defect": [
"1371400"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

181
2019/0xxx/CVE-2019-0019.json
View File

@ -1,18 +1,171 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0019",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0019",
"STATE": "PUBLIC",
"TITLE": "BGP packets can trigger rpd crash when BGP tracing is enabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S4, 16.1R7-S5"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9, 16.2R3"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3, 17.3R3-S4, 17.3R4"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S4, 18.1R4"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S2, 18.2R2-S3, 18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S3, 18.3R2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S2, 18.4R2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "16.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue requires BGP tracing to be enabled."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition.\nAffected releases are Juniper Networks Junos OS:\n16.1 versions prior to 16.1R7-S4, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S9, 16.2R3;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R3-S1;\n17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4;\n17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4;\n18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S3, 18.3R2;\n18.4 versions prior to 18.4R1-S2, 18.4R2.\n\nThis issue does not affect Junos releases prior to 16.1R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10931",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10931"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 16.2R3, 17.1R3, 17.2R3-S1, 17.3R3-S3, 17.3R3-S4, 17.3R4, 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3, 18.1R2-S4, 18.1R3-S4, 18.1R4, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D40, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10931",
"defect": [
"1399141"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "The issue can be mitigated by disabling BGP tracing.\n\nUse authentication for BGP (tcp-md5, ipsec, etc.) to mitigate the issue."
}
]
}

164
2019/0xxx/CVE-2019-0028.json
View File

@ -1,18 +1,154 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0028",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0028",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD process crashes due to specific BGP peer restarts condition."
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D48"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S7, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S7, 17.2R3"
},
{
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D92,17.2X75-D102, 17.2X75-D110"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S2, 17.3R3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S4, 17.4R2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2"
},
{
"version_affected": "!<",
"version_value": "16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly crash the RPD process causing prolonged denial of service (DoS). \nGraceful restart helper mode for BGP is enabled by default.\nNo other Juniper Networks products or platforms are affected by this issue.\n\n\n\nAffected releases are Juniper Networks Junos OS:\n16.1 versions prior to 16.1R7;\n16.1X65 versions prior to 16.1X65-D48;\n16.2 versions prior to 16.2R2-S8;\n17.1 versions prior to 17.1R2-S7, 17.1R3;\n17.2 versions prior to 17.2R1-S7, 17.2R3;\n17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110;\n17.3 versions prior to 17.3R2-S2, 17.3R3;\n17.4 versions prior to 17.4R1-S4, 17.4R2;\n18.1 versions prior to 18.1R2.\n\nJunos OS releases prior to 16.1R1 are not affected."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10932",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10932"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7, 16.1X65-D48, 16.2R2-S8, 17.1R2-S7, 17.1R3, 17.2R1-S7, 17.2R3, 17.2X75-D102, 17.2X75-D110, 17.2X75-D92, 17.3R2-S2, 17.3R3, 17.4R1-S4, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10932",
"defect": [
"1325157"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "This issue can be prevented by disabling the BGP graceful restart mechanism, including graceful restart helper mode:\n [protocols bgp graceful-restart disable]\nFurthermore, the risk associated with this issue can be mitigated by limiting BGP sessions only from trusted peers."
}
]
}

125
2019/0xxx/CVE-2019-0031.json
View File

@ -1,18 +1,115 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0031",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0031",
"STATE": "PUBLIC",
"TITLE": "Junos OS: jdhcpd daemon memory consumption Denial of Service when receiving specific IPv6 DHCP packets."
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client.\nAffected releases are Juniper Networks Junos OS:\n17.4 versions prior to 17.4R2;\n18.1 versions prior to 18.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10920",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10920"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R2, 18.1R2, 18.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10920",
"defect": [
"1333381"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Customers may discontinue processing or serving DHCPv6 address assignments until such time that fixes can be taken. \nThis workaround is helpful for large IPv4 environments with fewer or considered less important IPv6 clients.\n"
}
]
}

143
2019/0xxx/CVE-2019-0032.json
View File

@ -1,18 +1,133 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0032",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0032",
"STATE": "PUBLIC",
"TITLE": "Junos Space Service Now and Service Insight: Organization username and password stored in plaintext in log files."
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Service Insight",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "15.1R1"
},
{
"version_affected": "<",
"version_value": "18.1R1"
}
]
}
},
{
"product_name": "Service Now",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "15.1R1"
},
{
"version_affected": "<",
"version_value": "18.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password management issue exists where the Organization authentication username and password were stored in plaintext in log files.\nA locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization.\nAffected products are:\n\nJuniper Networks Service Insight versions from 15.1R1, prior to 18.1R1.\n\nService Now versions from 15.1R1, prior to 18.1R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256 Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10921",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10921"
},
{
"name": "https://kb.juniper.net/KB27572",
"refsource": "MISC",
"url": "https://kb.juniper.net/KB27572"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following Junos Space Service Now and Service Insight releases have been updated to resolve this specific issue:\n18.1R1, and all subsequent releases. \nThese releases of Service Now and Service Insight require at least version 18.4R1 of Junos Space.\n\nNo action is needed to resolve this issue other than upgrading.\n\nExisting log files will roll over as more actions are logged.\n\nTo clear log files manually, login to the server as admin and issue the following commands: \n [root@space ~]# cd /var/log/jboss/servers/server1/\n [root@space server1]#\n [root@space server1]# ls serviceNow.log*\nShould result in output similar to:\n serviceNow.log serviceNow.log.10 serviceNow.log.12 serviceNow.log.14 serviceNow.log.2 serviceNow.log.4 serviceNow.log.6 serviceNow.log.8 serviceNow.log.1 serviceNow.log.11 serviceNow.log.13 serviceNow.log.15 serviceNow.log.3 serviceNow.log.5 serviceNow.log.7 serviceNow.log.9\nNext,\n [root@space server1]# >> serviceNow.log\n [root@space server1]# rm serviceNow.log.*\n \nIf you wish to change the Organization password as a result of this advisory, you must contact JTAC for assistance to properly update the Organization.\n\n"
}
],
"source": {
"advisory": "JSA10921",
"defect": [
"1390749"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no workarounds for this issue.\nTo reduce the risk of exploitation of this issue use access lists or firewall filters to limit access to the device(s) via all means to only trusted administrative networks, hosts and users. "
}
]
}

145
2019/0xxx/CVE-2019-0033.json
View File

@ -1,18 +1,135 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0033",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0033",
"STATE": "PUBLIC",
"TITLE": "SRX Series: A remote attacker may cause a high CPU Denial of Service to the device when proxy ARP is configured."
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": ">=",
"version_name": "12.1X46",
"version_value": "12.1X46-D25"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D71, 12.1X46-D73"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D50"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D75"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "An example configuration snippet is below: \n root@device# show security nat proxy-arp \n interface ge-0/0/0.0 { \n address { \n 2.2.2.5/32; \n } \n } "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS).\nThis issue affects only IPv4.\nAffected releases are Juniper Networks Junos OS:\n12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series;\n12.3X48 versions prior to 12.3X48-D50 on SRX Series;\n15.1X49 versions prior to 15.1X49-D75 on SRX Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10922",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10922"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.1X46-D73, 12.3X48-D50, 15.1X49-D75, 17.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10922",
"defect": [
"1208910"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Discontinue use of proxy ARP.\nAn example configuration snippet is below:\n deactivate security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32\n(or)\n delete security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32 \n \nThere are no other viable workarounds for this issue.\n"
}
]
}

186
2019/0xxx/CVE-2019-0034.json
View File

@ -1,18 +1,176 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0034",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0034",
"STATE": "PUBLIC",
"TITLE": "Junos OS: gRPC hardcoded credentials may allow unauthorized access to systems with Junos Network Agent installed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R7-S4"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S3"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S5, 18.2R2-S1"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2, 18.3R1-S3"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "16.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Devices with Network Agent installed will match the following software version output:\n\n user@junos> show version | grep na\\ telemetry\n JUNOS na telemetry [17.3R3-S3.3] \n\ngRPC is enabled by the following command:\n\n user@junos# set system services extension-service request-response grpc\n\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface supports Google gRPC remote procedure calls to provision sensors and to subscribe to and receive telemetry data.\n\nConfiguration files used by gRPC were found to contain hardcoded credentials that could be used by the Junos Network Agent to perform unauthorized read of certain non-critical information (e.g. sensor data). Additionally, APIs exposed via the Juniper Extension Toolkit (JET) may be able to perform non-critical 'set' operations on the device. These APIs need the client to be authenticated for which the username/password can be used.\n\nSuccessful exploitation of this vulnerability can only occur if the Junos Network Agent package (Junos Telemetry Interface) is installed on the device. If the Junos Network \nAgent is not installed, then the gRPC interface required to leverage these credentials is unavailable and the system is not vulnerable to this issue.\n\nAffected releases are Juniper Networks Junos OS:\n16.1 versions prior to 16.1R3-S10, 16.1R7-S4;\n17.1 versions prior to 17.1R2-S10, 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R1-S6, 17.4R2-S3;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S3;\n18.2 versions prior to 18.2R1-S5, 18.2R2-S1;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S2, 18.3R1-S3.\n\nThis issue does not affect Junos OS releases prior to 16.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10923",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10923"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/task/installation/network-agent-installing.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/task/installation/network-agent-installing.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/grpc-junos-telemetry-interface-configuring.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/grpc-junos-telemetry-interface-configuring.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-telemetry-interface-oveview.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-telemetry-interface-oveview.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 16.1R3-S10, 16.1R7-S4, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S3, 17.4R1-S6, 17.4R2-S3, 18.1R2-S4, 18.1R3-S3, 18.2R1-S5, 18.2R2-S1, 18.2X75-D40, 18.3R1-S2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10923",
"defect": [
"1394927"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Disable the gRPC service via the following command if it is not needed in your environment:\n\n delete system services extension-service request-response grpc \n\nIn addition to the recommendation listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."
}
]
}

196
2019/0xxx/CVE-2019-0035.json
View File

@ -1,18 +1,186 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0035",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0035",
"STATE": "PUBLIC",
"TITLE": "Junos OS: 'set system ports console insecure' allows root password recovery on OAM volumes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S3"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D496, 15.1X53-D68"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R6-S6, 16.1R7-S3"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D49"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S3"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Administrators can disable root login connections to the console, and if running a fixed release, restrict single-user mode password recovery via the following configuration command:\n\n user@host# set system ports console insecure"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When \"set system ports console insecure\" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using \"set system root-authentication plain-text-password\" on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short.\n\nPassword recovery, changing the root password from a console, should not have been allowed from an insecure console.\nAffected releases are Juniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S12, 15.1R7-S3;\n15.1X49 versions prior to 15.1X49-D160;\n15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D68;\n16.1 versions prior to 16.1R3-S10, 16.1R6-S6, 16.1R7-S3;\n16.1X65 versions prior to 16.1X65-D49;\n16.2 versions prior to 16.2R2-S8;\n17.1 versions prior to 17.1R2-S10, 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R1-S6, 17.4R2-S2;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S3;\n18.2 versions prior to 18.2R2;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S2.\n\nThis issue does not affect Junos OS releases prior to 15.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-501 Trust Boundary Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10924",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10924"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1F6-S12, 15.1R7-S3, 15.1X49-D160, 15.1X53-D236, 15.1X53-D496, 15.1X53-D68, 16.1R3-S10, 16.1R6-S6, 16.1R7-S3, 16.1X65-D49, 16.2R2-S8, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S3, 17.4R1-S6, 17.4R2-S2, 18.1R2-S4, 18.1R3-S3, 18.2R2, 18.2X75-D40, 18.3R1-S2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10924",
"defect": [
"1368998"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Limit physical access to the recovery console to only trusted administrators."
}
]
}

211
2019/0xxx/CVE-2019-0036.json
View File

@ -1,18 +1,201 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0036",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0036",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Firewall filter terms named \"internal-1\" and \"internal-2\" being ignored"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D130, 14.1X53-D49"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S4"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D161, 15.1X49-D170"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D496, 15.1X53-D69"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S4, 16.1R7-S5"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S4"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S7, 17.4R2-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S4"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S5, 18.2R2-S1"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S1, 18.4R1-S2"
},
{
"version_affected": "=",
"version_name": "12.1X46",
"version_value": "12.1X46"
},
{
"version_affected": "=",
"version_name": "12.3X48",
"version_value": "12.3X48"
},
{
"version_affected": "=",
"version_name": "12.3",
"version_value": "12.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Sample configuration:\n\n term internal-1 {\n from {\n source-address {\n 157.249.32.21/32;\n }\n destination-address {\n 157.249.197.64/30;\n }\n protocol udp;\n destination-port 123;\n }\n then {\n count scan-ad-internal-1;\n accept;\n }\n }\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When configuring a stateless firewall filter in Junos OS, terms named using the format \"internal-n\" (e.g. \"internal-1\", \"internal-2\", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results.\n\nAffected releases are Juniper Networks Junos OS:\nAll versions prior to and including 12.3;\n14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49;\n15.1 versions prior to 15.1F6-S12, 15.1R7-S4;\n15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170;\n15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69;\n16.1 versions prior to 16.1R7-S4, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S4;\n17.4 versions prior to 17.4R1-S7, 17.4R2-S3;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S4;\n18.2 versions prior to 18.2R1-S5, 18.2R2-S1;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S3;\n18.4 versions prior to 18.4R1-S1, 18.4R1-S2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10925",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10925"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 14.1X53-D130, 14.1X53-D49, 15.1F6-S12, 15.1R7-S4, 15.1X49-D161, 15.1X49-D170, 15.1X53-D236, 15.1X53-D496, 15.1X53-D69, 16.1R7-S4, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S4, 17.4R1-S7, 17.4R2-S3, 18.1R2-S4, 18.1R3-S4, 18.2R1-S5, 18.2R2-S1, 18.2X75-D40, 18.3R1-S3, 18.4R1-S1, 19.1R1, and all subsequent releases.\n\nNote: Fixes are not available for Junos OS 12.1X46, 12.3X48, or 12.3R12 due to the high risk of making changes to earlier releases, and the easily implemented available workaround."
}
],
"source": {
"advisory": "JSA10925",
"defect": [
"1394922"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Avoid configuring firewall filter names of the format: internal-n."
}
]
}

191
2019/0xxx/CVE-2019-0037.json
View File

@ -1,18 +1,181 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0037",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0037",
"STATE": "PUBLIC",
"TITLE": "Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S3"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D171, 15.1X49-D180"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D496"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R7-S4"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S2"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D30"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Sample configuration:\n\n user@host# edit system services dhcp-local-server dhcpv6\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients.\nAffected releases are Juniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S12, 15.1R7-S3;\n15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180;\n15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496;\n16.1 versions prior to 16.1R3-S10, 16.1R7-S4;\n16.2 versions prior to 16.2R2-S8;\n17.1 versions prior to 17.1R2-S10, 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R1-S6, 17.4R2-S3;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S2;\n18.2 versions prior to 18.2R2;\n18.2X75 versions prior to 18.2X75-D30;\n18.3 versions prior to 18.3R1-S2.\n\nThis issue does not affect Junos OS releases prior to 15.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10926",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10926"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1F6-S12, 15.1R7-S3, 15.1X49-D171, 15.1X49-D180, 15.1X53-D236, 15.1X53-D496, 16.1R3-S10, 16.1R7-S4, 16.2R2-S8, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S3, 17.4R1-S6, 17.4R2-S3, 18.1R2-S4, 18.1R3-S2, 18.2R2, 18.2X75-D30, 18.3R1-S2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10926",
"defect": [
"1391983"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "No known workaround exists for this issue."
}
]
}

157
2019/0xxx/CVE-2019-0038.json
View File

@ -1,18 +1,147 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0038",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0038",
"STATE": "PUBLIC",
"TITLE": "SRX Series: Crafted packets destined to fxp0 management interface on SRX340/SRX345 devices can lead to DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
},
{
"platform": "SRX340/SRX345",
"version_affected": "=",
"version_name": "17.3",
"version_value": "17.3"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S3, 17.4R3"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S1"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2, 18.3R2"
},
{
"platform": "SRX340/SRX345",
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1X49"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion.\n\nThis issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability.\nAffected releases are Juniper Networks Junos OS:\n15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345;\n17.3 on SRX340/SRX345;\n17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345;\n18.1 versions prior to 18.1R3-S1 on SRX340/SRX345;\n18.2 versions prior to 18.2R2 on SRX340/SRX345;\n18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345.\n\nThis issue does not affect Junos OS releases prior to 15.1X49 on any platform."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n The following log message may be displayed when the device is in this condition:\n\n octagl_output:1093: out of buf\n octagl_output:1093: out of buf\n octagl_output:1093: out of buf\n\nAdministrators can monitor buffer space utilization by executing the command:\n\n request pfe execute target fwdd command \"show octeon fpa buffers\"\n ================ cluster1.node0 ================\n SENT: Ukern command: show octeon fpa buffers\n\n FPA 0: Avail: 23632, Errors: 0\n FPA 1: Avail: 22444, Errors: 0\n FPA 2: Avail: 0, Errors: 0\n FPA 3: Avail: 135, Errors: 0\n FPA 4: Avail: 0, Errors: 0"
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10927",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10927"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X49-D160, 17.4R2-S3, 17.4R3, 18.1R3-S1, 18.2R2, 18.3R1-S2, 18.3R2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10927",
"defect": [
"1377152"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

196
2019/0xxx/CVE-2019-0039.json
View File

@ -1,18 +1,186 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0039",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0039",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Login credentials are vulnerable to brute force attacks through the REST API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D49"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S3"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D49"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S7"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S2"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S1"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S5"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D30"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The REST API can be enabled using the following configuration option:\n\n system services rest http\n system services rest enable-explorer "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks.\n\nThe high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks.\nAffected releases are Juniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D49;\n15.1 versions prior to 15.1F6-S12, 15.1R7-S3;\n15.1X49 versions prior to 15.1X49-D160;\n15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69;\n16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3;\n16.1X65 versions prior to 16.1X65-D49;\n16.2 versions prior to 16.2R2-S7;\n17.1 versions prior to 17.1R2-S10, 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S2;\n17.4 versions prior to 17.4R1-S6, 17.4R2-S2;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S1;\n18.2 versions prior to 18.2R1-S5;\n18.2X75 versions prior to 18.2X75-D30;\n18.3 versions prior to 18.3R1-S1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10928",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10928"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 14.1X53-D49, 15.1F6-S12, 15.1R7-S3, 15.1X49-D160, 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69, 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3, 16.1X65-D49, 16.2R2-S7, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S2, 17.4R1-S6, 17.4R2-S2, 18.1R2-S4, 18.1R3-S1, 18.2R1-S5, 18.2X75-D30, 18.3R1-S1, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10928",
"defect": [
"1289313"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Setting a connection limit on REST API may help mitigate this issue.\n set system services rest control connection-limit 100 \n\nUse access lists or firewall filters to limit API access to the device only from trusted hosts.\n"
}
]
}

168
2019/0xxx/CVE-2019-0040.json
View File

@ -1,18 +1,158 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0040",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0040",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S4"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S1"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S1, 17.4R1-S7, 17.4R2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface (e.g. fxp0) thus disclosing internal addressing and existence of the management interface itself. A high rate of crafted packets destined to port 111 may also lead to a partial Denial of Service (DoS).\n\nNote: Systems with fxp0 disabled or unconfigured are not vulnerable to this issue.\n\nThis issue only affects Junos OS releases based on FreeBSD 10 or higher (typically Junos OS 15.1+). Administrators can confirm whether systems are running a version of Junos OS based on FreeBSD 10 or higher by typing:\n\n user@junos> show version | match kernel \n JUNOS OS Kernel 64-bit [20181214.223829_fbsd-builder_stable_10]\n\nAffected releases are Juniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S12, 15.1R7-S4;\n15.1X53 versions prior to 15.1X53-D236;\n16.1 versions prior to 16.1R7-S1;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R1-S8;\n17.3 versions prior to 17.3R2;\n17.4 versions prior to 17.4R1-S1, 17.4R1-S7, 17.4R2.\n\nThis issue does not affect Junos OS releases prior to 15.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10929",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10929"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1F6-S12, 15.1R7-S4, 15.1X53-D236, 16.1R7-S1, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R3, 17.3R2, 17.4R1-S1, 17.4R1-S7, 17.4R2, 18.1R1, 18.1X75-D10, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10929",
"defect": [
"1296262"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to port 111 on the device.\n"
},
{
"lang": "eng",
"value": "Disable the management interface (fxp0) if it is not needed in a production environment.\n"
},
{
"lang": "eng",
"value": "If neither MS MICs nor MS MPCs are deployed, an additional option is to disable rpcbind via the configuration command:\n\n set system processes rpcbind-service disable\n"
}
]
}

127
2019/0xxx/CVE-2019-0041.json
View File

@ -1,18 +1,117 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0041",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0041",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4300-MP Series: IP transit traffic can reach the control plane via loopback interface."
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4300-MP Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S2, 18.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue requires filters configured on lo0."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic.\nThis issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series.\nThis issue does not affect any other EX series devices."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10933",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10933"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.2R1-S2, 18.2R2, 18.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10933",
"defect": [
"1379328"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Removing lo0 filters would mitigate this issue."
}
]
}

141
2019/0xxx/CVE-2019-0042.json
View File

@ -1,18 +1,131 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0042",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0042",
"STATE": "PUBLIC",
"TITLE": "Incorrect messages from Juniper Identity Management Service (JIMS) can trigger Denial of Service or firewall bypass conditions for SRX series devices"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Juniper Identity Management Service",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.1.4"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue applicable only when the Windows Domain Controller's policy is set to audit account logon failures and SRX has any security policies configured with the term \"match source-identity authenticated-user\".\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\nIf the issue is being exploited to bypass SRX firewall policies, suspicious or unusual usernames or IP addresses entries may be present in the SRX auth table."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-669 Incorrect Resource Transfer Between Spheres"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10934",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10934"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 1.1.4 and all subsequent releases.\n\nIf suspicious or unusual usernames or IP addresses entries are present in the SRX auth table, they need to be removed from the SRX auth table."
}
],
"source": {
"advisory": "JSA10934",
"defect": [
"1409607"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "On the domain controller(s), edit GPO policy for Computer Configuration->Policies->Windows Settings->Security Settings->Local Policies->Audit Policy.\nUncheck \"Failure\" for \"Audit account logon events\". This option is unchecked by default.\nIn the cmd prompt, enter \"gpupdate /force\" to immediately update the policy change."
}
]
}

234
2019/0xxx/CVE-2019-0043.json
View File

@ -1,18 +1,224 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0043",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0043",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD process crashes upon receipt of a specific SNMP packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS ",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D77"
},
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S10"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D75"
},
{
"platform": "EX/QFX series",
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D48"
},
{
"version_affected": "<",
"version_name": "15.1 ",
"version_value": "15.1R4-S9, 15.1R7-S2"
},
{
"version_affected": "<",
"version_name": "15.1F6",
"version_value": "15.1F6-S11"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D141, 15.1X49-D144, 15.1X49-D150"
},
{
"platform": "QFX5200/QFX5110 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D234"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D68"
},
{
"platform": "NFX Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D471"
},
{
"platform": "EX2300/EX3400 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D590"
},
{
"platform": "ACX Series",
"version_affected": "=",
"version_name": "15.1X54",
"version_value": "15.1X54"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D48"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S6"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S8, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S7, 17.2R3"
},
{
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D92, 17.2X75-D102, 17.2X75-D110"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S4, 17.4R2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R1-S1, 18.1R2-S1, 18.1R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D10"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service.\nNo other Juniper Networks products or platforms are affected by this issue.\nAffected releases are Juniper Networks Junos OS :\n12.1X46 versions prior to 12.1X46-D77 on SRX Series;\n12.3 versions prior to 12.3R12-S10;\n12.3X48 versions prior to 12.3X48-D75 on SRX Series;\n14.1X53 versions prior to 14.1X53-D48 on EX/QFX series;\n15.1 versions prior to 15.1R4-S9, 15.1R7-S2;\n15.1F6 versions prior to 15.1F6-S11;\n15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series;\n15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series;\n15.1X53 versions prior to 15.1X53-D68 on QFX10K Series;\n15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series;\n15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series;\n15.1X54 on ACX Series;\n16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7;\n16.1X65 versions prior to 16.1X65-D48;\n16.2 versions prior to 16.2R2-S6;\n17.1 versions prior to 17.1R2-S8, 17.1R3;\n17.2 versions prior to 17.2R1-S7, 17.2R3;\n17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110;\n17.3 versions prior to 17.3R3;\n17.4 versions prior to 17.4R1-S4, 17.4R2;\n18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3;\n18.2X75 versions prior to 18.2X75-D10."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10935",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10935"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10, 12.3X48-D75, 14.1X53-D48, 15.1F6-S11, 15.1R4-S9, 15.1R7-S2, 15.1X49-D141, 15.1X49-D144, 15.1X49-D150, 15.1X53-D234, 15.1X53-D471, 15.1X53-D590, 15.1X53-D68, 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7, 16.1X65-D48, 16.2R2-S6, 17.1R2-S8, 17.1R3, 17.2R1-S7, 17.2R3, 17.2X75-D102, 17.2X75-D110, 17.2X75-D92, 17.3R3, 17.4R1-S4, 17.4R2, 18.1R1-S1, 18.1R2-S1, 18.1R3, 18.2R1, 18.2X75-D10, 18.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10935",
"defect": [
"1359966"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts."
}
]
}

133
2019/0xxx/CVE-2019-0044.json
View File

@ -1,18 +1,123 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0044",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0044",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX5000 series: Kernel crash (vmcore) upon receipt of a specific packet on fxp0 interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX5000 series",
"version_affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D82"
},
{
"platform": "SRX5000 series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D80 "
},
{
"platform": "SRX5000 series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore).\nBy continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS).\nAffected releases are Juniper Networks SRX5000 Series:\n12.1X46 versions prior to 12.1X46-D82;\n12.3X48 versions prior to 12.3X48-D80;\n15.1X49 versions prior to 15.1X49-D160."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10936",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10936"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D82, 12.3X48-D80, 15.1X49-D160 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10936",
"defect": [
"1362221"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}