{ "CVE_data_meta" : { "ASSIGNER" : "sirt@juniper.net", "DATE_PUBLIC" : "2019-01-09T17:00:00.000Z", "ID" : "CVE-2019-0003", "STATE" : "PUBLIC", "TITLE" : "Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core." }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "Junos OS", "version" : { "version_data" : [ { "affected" : "<", "platform" : "SRX Series", "version_name" : "12.1X46", "version_value" : "12.1X46-D77" }, { "affected" : "<", "version_name" : "12.3", "version_value" : "12.3R12-S10" }, { "affected" : "<", "platform" : "SRX Series", "version_name" : "12.3X48", "version_value" : "12.3X48-D70" }, { "affected" : "<", "platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100", "version_name" : "14.1X53", "version_value" : "14.1X53-D47" }, { "affected" : "<", "version_name" : "15.1", "version_value" : "15.1R3" }, { "affected" : "<", "version_name" : "15.1F", "version_value" : "15.1F3" }, { "affected" : "<", "platform" : "SRX Series", "version_name" : "15.1X49", "version_value" : "15.1X49-D140" }, { "affected" : "<", "platform" : "EX2300/EX3400", "version_name" : "15.1X53", "version_value" : "15.1X53-D59" } ] } } ] }, "vendor_name" : "Juniper Networks" } ] } }, "configuration" : [ { "lang" : "eng", "value" : "The following maximal parent* configuration is required:\n set protocols bgp group [FLOWSPEC]\nand\n set policy-options policy-statement\n set routing-options flow term-order\n\nSpecific child* relationship configuration details vary by implementation which may introduce this vulnerability.\n\n*\"parent\" and \"child\" as in a parent-child tree structure relationship within the CLI.\n" } ], "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400." } ] }, "exploit" : [ { "lang" : "eng", "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "impact" : { "cvss" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version" : "3.0" } }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "Incomplete assertion \nCWE-617: Reachable Assertion\nDenial of Service\n\nCAPEC:\n.262 Manipulate System Resources\n.262.607 Obstruction\n.262.607.582 Route Disabling\n.262.607.582.584 BGP Route Disabling \n" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://kb.juniper.net/JSA10902", "refsource" : "CONFIRM", "url" : "https://kb.juniper.net/JSA10902" }, { "name" : "106544", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/106544" } ] }, "solution" : [ { "lang" : "eng", "value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10, 12.3X48-D70, 14.1X53-D47, 15.1F3, 15.1R3, 15.1X49-D140, 15.1X53-D59, 16.1R1 and all subsequent releases.\n" } ], "source" : { "advisory" : "JSA10902", "defect" : [ "1116761" ], "discovery" : "USER" }, "work_around" : [ { "lang" : "eng", "value" : "Disable BGP flowspec.\nThere are no other available workarounds for this issue." } ] }