mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
311 lines
12 KiB
JSON
311 lines
12 KiB
JSON
{
|
|
"id": "CVE-2019-0038",
|
|
"sourceIdentifier": "sirt@juniper.net",
|
|
"published": "2019-04-10T20:29:00.820",
|
|
"lastModified": "2021-10-25T16:21:47.820",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345; 17.3 on SRX340/SRX345; 17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345; 18.1 versions prior to 18.1R3-S1 on SRX340/SRX345; 18.2 versions prior to 18.2R2 on SRX340/SRX345; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345. This issue does not affect Junos OS releases prior to 15.1X49 on any platform."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Los paquetes creados destinados a la interfaz de gesti\u00f3n (fxp0) de una pasarela de servicios SRX340 o SRX345 pueden crear una condici\u00f3n de denegaci\u00f3n de servicio (DoS) debido al agotamiento del espacio de b\u00fafer. Este problema s\u00f3lo afecta a las pasarelas de servicios SRX340 y SRX345. Ning\u00fan otro producto o plataforma se ve afectado por esta vulnerabilidad. Las versiones afectadas son el Juniper Networks Junos OS: Versiones 15.1X49 anteriores a 15.1X49-D160 en SRX340/SRX345; 17.3 en SRX340/SRX345; 17.4 versiones anteriores a 17.4R2-S3, 17.4R3 en SRX340/SRX345; 18.1 versiones anteriores a 18.1R3-S1 en SRX340/SRX345; 18.2 versiones anteriores a 18.2R2 en SRX340/SRX345; 18.3 versiones anteriores a 18.3R1-S2, 18.3R2 en SRX340/SRX345. Este problema no afecta a las versiones del Junos OS anteriores a 15.1X49 en ninguna plataforma."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
|
|
"accessVector": "ADJACENT_NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 6.1
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 6.5,
|
|
"impactScore": 6.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-770"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-400"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "27A6BF09-ABBF-4126-ADD6-B174937F8554"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d150:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E288F54B-AEA3-412F-85A4-EBDFE74DB84F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*",
|
|
"matchCriteriaId": "18468579-0195-4DDE-BAA5-4BE4068F3A69"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d30:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0E5FAA97-171F-4DB9-B78E-6E1A5F34336A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d35:*:*:*:*:*:*",
|
|
"matchCriteriaId": "870244F3-1C05-4F10-A205-5189BB860F46"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d40:*:*:*:*:*:*",
|
|
"matchCriteriaId": "235EE40B-AA15-4F39-8087-A051F4F70995"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d45:*:*:*:*:*:*",
|
|
"matchCriteriaId": "17330544-3AFC-463E-A146-2840A8AE17D2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d50:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8ABA301F-7866-42A5-8391-E07BEAFF06FA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d55:*:*:*:*:*:*",
|
|
"matchCriteriaId": "884E4A85-ED42-4391-9FDD-9052F957743A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d60:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1901864B-688B-4352-A587-4B96B4E49FB1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d65:*:*:*:*:*:*",
|
|
"matchCriteriaId": "78F53FBF-C6D8-4AE5-87EC-9D9F88DCEFB9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d70:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1B6670FB-9F5A-469B-97F2-074C28572065"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d75:*:*:*:*:*:*",
|
|
"matchCriteriaId": "71198992-83AA-4E28-BA7D-A3C1897B5E2B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:15.1x49:d80:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4323D874-C317-4D76-8E2D-C82376D84CBE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "05060C06-18C1-40E8-AE01-385B036CC9AA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0C752783-4843-407B-AF33-0E1D36FCAAF8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0DFDD907-5305-4602-8A9C-685AA112C342"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B0A756E2-C320-405A-B24F-7C5022649E5A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "84F5BCBA-404B-4BC9-B363-CE6D231B0D6D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "18A4CA3E-DA61-49CC-8476-3A476CCB2B83"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "658841A9-BEC9-433E-81D0-47DE82887C4F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1BB9C2BB-D20B-41E9-B75F-7FAD9ECCDB99"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5342C3DC-D640-47AB-BD76-3444852988A2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8AB8585E-EDC6-4400-BEE3-3A6A7C922C90"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B7A3FBD3-5399-42A9-9BD9-E3C981CBD6DB"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/107873",
|
|
"source": "sirt@juniper.net",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kb.juniper.net/JSA10927",
|
|
"source": "sirt@juniper.net",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |