nvd-json-data-feeds/CVE-2019/CVE-2019-00xx/CVE-2019-0008.json

{
  "id": "CVE-2019-0008",
  "sourceIdentifier": "sirt@juniper.net",
  "published": "2019-04-10T20:29:00.380",
  "lastModified": "2021-10-25T16:19:19.750",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2."
    },
    {
      "lang": "es",
      "value": "Una cierta secuencia de paquetes BGP o IPv6 BFD v\u00e1lidos puede desencadenar un desbordamiento de b\u00fafer basado en pila en Junos OS Packet Forwarding Engine manager (FXPC), en dispositivos de las series QFX5000, EX4300, EX4600. Este problema puede resultar en un fallo del demonio fxpc o puede llevar a la ejecuci\u00f3n remota del c\u00f3digo. Las versiones afectadas son Juniper Networks y Junos OS en QFX serie 5000, EX4300, EX4600: 14.1X53; 15.1X53 versiones anteriores a 15.1X53-D235; 17.1 versiones anteriores a 17.1R3; 17.2 versiones anteriores a 17.2R3; 17.3 versiones anteriores a 17.3R3-S2, 17.3R4; 17.4 versiones anteriores a 17.4R2-S1, 17.4R3; 18.1 versiones anteriores a 18.1R3-S1, 18.1R4; 18.2 versiones anteriores a 18.2R2; 18.2X75 versiones anteriores a 18.2X75-D30; 18.3 versiones anteriores a 18.3R2."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV30": [
      {
        "source": "sirt@juniper.net",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    },
    {
      "source": "sirt@juniper.net",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "15.1x53",
              "versionEndExcluding": "15.1x53-d235",
              "matchCriteriaId": "042819DE-B469-4360-A524-6E450C125031"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "17.1",
              "versionEndExcluding": "17.1r3",
              "matchCriteriaId": "153426AC-018F-42C8-89F8-DF1FE684E4C5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "17.2",
              "versionEndExcluding": "17.2r3",
              "matchCriteriaId": "47B84768-0474-43BF-BA6B-96E1228DC2DB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "17.3",
              "versionEndExcluding": "17.3r3-s2",
              "matchCriteriaId": "7C4AA7DC-A6B0-4E19-9C61-FB54228779EC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "17.4",
              "versionEndExcluding": "17.4r2-s1",
              "matchCriteriaId": "69641840-D130-4C65-8243-FFC27C767E2A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "18.1",
              "versionEndExcluding": "18.1r3-s1",
              "matchCriteriaId": "93187AAA-2A4C-4F2E-A5A0-44EB6209B91D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "18.2",
              "versionEndExcluding": "18.2r2",
              "matchCriteriaId": "22EAE8BB-9BB7-450B-A033-AEB9276CA179"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "18.2x75",
              "versionEndExcluding": "18.2x75-d30",
              "matchCriteriaId": "9C8FC105-3629-43BC-BDF8-8ADEACC7C76F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "18.3",
              "versionEndExcluding": "18.3r2",
              "matchCriteriaId": "7529AAC7-7E0A-4913-8AE0-CDF3179C5DA0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7FCCC1-B151-465A-8327-26DB5DC074F0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F69A0E5-B61B-405D-B501-9CB306651CEA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "974B6128-ABD2-4D9C-87A1-5F1740DDCB95"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juniper:junos:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF736F6-ED05-4DC1-96FB-3F35BA5B3EFD"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juniper:ex4300m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07B0E0B-D2F2-4CF1-A8EA-A1E8DE83BBB4"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juniper:qfx5200-32c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D790AD-D00F-4FED-96FE-3046C827356B"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juniper:qfx5200-48y:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD9AD5C-947D-41EF-9969-FCCEB144984F"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juniper:qfx5210-64c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86047DE-A0A0-4698-9414-B66C0FA7B544"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/107897",
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://kb.juniper.net/JSA10930",
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}