mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
251 lines
9.2 KiB
JSON
251 lines
9.2 KiB
JSON
{
|
|
"id": "CVE-2019-0014",
|
|
"sourceIdentifier": "sirt@juniper.net",
|
|
"published": "2019-01-15T21:29:01.387",
|
|
"lastModified": "2020-07-22T18:00:31.827",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R1-S3, 18.2R2; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En las series QFX y PTX, la recepci\u00f3n de un paquete mal formado para el muestreo de J-Flow podr\u00eda provocar el cierre inesperado del proceso FPC (Flexible PIC Concentrator), que provoca que todas las interfaces se caigan. Mediante el env\u00edo continuo del paquete manipulado, un atacante puede cerrar repetidamente el proceso FPC, provocando una denegaci\u00f3n de servicio (DoS) prolongada. Este problema afecta al procesamiento de paquetes IPv4 y IPv6. Las versiones afectadas son Juniper Networks Junos OS en las series QFX y PTX: 17.4 en versiones anteriores a la 17.4R2-S1, 17.4R3; 18.1 en versiones anteriores a la 18.1R3-S1; 18.2 en versiones anteriores a la 18.2R1-S3, 18.2R2; 17.2X75 en versiones anteriores a la 17.2X75-D91, 17.2X75-D100."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
},
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-19"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:17.2x75:d102:*:*:*:*:*:*",
|
|
"matchCriteriaId": "81332BD3-99F9-4A7C-A04F-1F3A81CA6941"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:17.2x75:d50:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1C913A29-64F1-4B2C-A4BC-163891E9A43A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:17.2x75:d70:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CD7217ED-631C-4206-9381-18C0BDD69C7D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "974B6128-ABD2-4D9C-87A1-5F1740DDCB95"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0E0CE79A-157D-47DE-BE65-936BC12470EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:ptx1000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0E6DF99D-E438-4943-BC32-F2821E72AE0B"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:ptx10002:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "82B22AC2-B794-4F12-9EB3-9AA6E4B19831"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "65A64A26-4606-4D33-8958-5A3B7FFC4CDB"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:ptx10016:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1879799F-18B2-4958-AA90-FD19348C889F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:ptx3000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "516476F9-7D4C-494F-99AA-750F4467CD15"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:ptx5000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "654140A0-FEC0-4DB4-83BF-ECCB000DFA4D"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:qfx10002:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F1401145-D8EC-4DB9-9CDE-9DE6C0D000C5"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1453E42A-77B3-4922-8EC3-1A5668C39550"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "26408465-BD6A-4416-B98E-691A5F651080"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9A336BD3-4AB0-4E9E-8AD5-E6413A5A53FC"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7F4D44B0-E6CE-4380-8712-AC832DBCB424"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/106556",
|
|
"source": "sirt@juniper.net",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kb.juniper.net/JSA10914",
|
|
"source": "sirt@juniper.net",
|
|
"tags": [
|
|
"Mitigation",
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |