cvelist/2019/0xxx/CVE-2019-0003.json
2019-01-16 06:07:41 -05:00

159 lines
6.6 KiB
JSON

{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0003",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core."
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D77"
},
{
"affected" : "<",
"version_name" : "12.3",
"version_value" : "12.3R12-S10"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D70"
},
{
"affected" : "<",
"platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D47"
},
{
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1R3"
},
{
"affected" : "<",
"version_name" : "15.1F",
"version_value" : "15.1F3"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D140"
},
{
"affected" : "<",
"platform" : "EX2300/EX3400",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D59"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration" : [
{
"lang" : "eng",
"value" : "The following maximal parent* configuration is required:\n set protocols bgp group [FLOWSPEC]\nand\n set policy-options policy-statement\n set routing-options flow term-order\n\nSpecific child* relationship configuration details vary by implementation which may introduce this vulnerability.\n\n*\"parent\" and \"child\" as in a parent-child tree structure relationship within the CLI.\n"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incomplete assertion \nCWE-617: Reachable Assertion\nDenial of Service\n\nCAPEC:\n.262 Manipulate System Resources\n.262.607 Obstruction\n.262.607.582 Route Disabling\n.262.607.582.584 BGP Route Disabling \n"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10902",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10902"
},
{
"name" : "106544",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106544"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10, 12.3X48-D70, 14.1X53-D47, 15.1F3, 15.1R3, 15.1X49-D140, 15.1X53-D59, 16.1R1 and all subsequent releases.\n"
}
],
"source" : {
"advisory" : "JSA10902",
"defect" : [
"1116761"
],
"discovery" : "USER"
},
"work_around" : [
{
"lang" : "eng",
"value" : "Disable BGP flowspec.\nThere are no other available workarounds for this issue."
}
]
}