CVE-2019-0003

15.01.2019, 21:29

When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 72%

Vendor	Product	Version
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.1x46:x46
juniper	junos	12.3
juniper	junos	12.3:r1
juniper	junos	12.3:r11
juniper	junos	12.3:r12
juniper	junos	12.3:r2
juniper	junos	12.3:r3
juniper	junos	12.3:r4
juniper	junos	12.3:r5
juniper	junos	12.3:r6
juniper	junos	12.3:r7
juniper	junos	12.3:r8
juniper	junos	12.3:r9
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	14.1x53:x53
juniper	junos	15.1:f1
juniper	junos	15.1:f2
juniper	junos	15.1:f3
juniper	junos	15.1:f4
juniper	junos	15.1:f5
juniper	junos	15.1:f6
juniper	junos	15.1:f7
juniper	junos	15.1:r1
juniper	junos	15.1:r2
juniper	junos	15.1:r7-s2
juniper	junos	15.1:r7-s3
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x53:x53
juniper	junos	15.1x53:x53
juniper	junos	15.1x53:x53
juniper	junos	15.1x53:x53
juniper	junos	15.1x53:x53
juniper	junos	15.1x53:x53
juniper	junos	15.1x53:x53
juniper	junos	15.1x53:x53
juniper	junos	15.1x53:x53
juniper	junos	15.1x53:x53
juniper	junos	15.1x53:x53

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-617 - Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

http://www.securityfocus.com/bid/106544

https://kb.juniper.net/JSA10902

http://www.securityfocus.com/bid/106544

https://kb.juniper.net/JSA10902