mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
253 lines
8.7 KiB
JSON
253 lines
8.7 KiB
JSON
{
|
|
"id": "CVE-2019-0002",
|
|
"sourceIdentifier": "sirt@juniper.net",
|
|
"published": "2019-01-15T21:29:00.823",
|
|
"lastModified": "2020-12-08T14:28:21.493",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En las series EX2300 y EX3400, la configuraci\u00f3n sin estado del filtro del firewall que emplea la acci\u00f3n \"policer\" junto con otras acciones podr\u00eda no aplicarse. Cuando este problema ocurre, el resultado del comando show pfe filter hw summary no mostrar\u00e1 la entrada para: RACL group. Las versiones afectadas de las series EX2300 y EX3400 con Junos OS son: 15.1X53 anterior a 15.1X53-D590; 18.1 anterior a 18.1R3 y 18.2 anterior a 18.2R2. Este problema afecta a los filtros de firewall IPv4 y IPv6."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.8,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-794"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D58997E6-96B4-4930-A29D-B49D06DFA9D5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AFB887FD-D3FB-439F-9A89-CC367A74DB00"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BDA46912-D173-49C5-A0A1-64BD0889D3A0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d55:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3BEE4EE4-18D9-4FA9-9A02-917240B851AA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d57:*:*:*:*:*:*",
|
|
"matchCriteriaId": "188FED65-8A81-4BB0-B10B-8CA17B4F71CC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d58:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9F03E847-748B-43BD-B6C1-BFDECE99BC3C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x53:d59:*:*:*:*:*:*",
|
|
"matchCriteriaId": "92E31AF0-83EB-4570-A6DE-4308BE0D3A43"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0DFDD907-5305-4602-8A9C-685AA112C342"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B0A756E2-C320-405A-B24F-7C5022649E5A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "84F5BCBA-404B-4BC9-B363-CE6D231B0D6D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "18A4CA3E-DA61-49CC-8476-3A476CCB2B83"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A7380B3E-09F5-4497-86C6-11EF56BD89F1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "238EC996-8E8C-4332-916F-09E54E6EBB9D"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3B3302CB-457F-4BD2-B80B-F70FB4C4542E"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "47DAF5E7-E610-4D74-8573-41C16D642837"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/106669",
|
|
"source": "sirt@juniper.net",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kb.juniper.net/JSA10901",
|
|
"source": "sirt@juniper.net",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html",
|
|
"source": "sirt@juniper.net",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |