CVE-2019-0053

Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client  accessible from the CLI or shell  in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
juniperCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
juniperjunos
12.3
juniperjunos
12.3:r1
juniperjunos
12.3:r11
juniperjunos
12.3:r12
juniperjunos
12.3:r13
juniperjunos
12.3:r2
juniperjunos
12.3:r3
juniperjunos
12.3:r4
juniperjunos
12.3:r5
juniperjunos
12.3:r6
juniperjunos
12.3:r7
juniperjunos
12.3:r8
juniperjunos
12.3:r9
juniperjunos
12.3r12:r12
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
14.1x53:x53
juniperjunos
15.1
juniperjunos
15.1:a1
juniperjunos
15.1:f1
juniperjunos
15.1:f2
juniperjunos
15.1:f2-s1
juniperjunos
15.1:f2-s2
juniperjunos
15.1:f2-s3
juniperjunos
15.1:f2-s4
juniperjunos
15.1:f3
juniperjunos
15.1:f4
juniperjunos
15.1:f5
juniperjunos
15.1:f6
juniperjunos
15.1:f6-s3
juniperjunos
15.1:r1
juniperjunos
15.1:r2
juniperjunos
15.1:r3
juniperjunos
15.1:r4
juniperjunos
15.1:r4-s9
juniperjunos
15.1:r5
juniperjunos
15.1:r6
juniperjunos
15.1:r6-s6
juniperjunos
15.1:r7-s1
juniperjunos
15.1:r7-s2
juniperjunos
15.1:r7-s3
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x49:x49
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
15.1x53:x53
juniperjunos
16.1
juniperjunos
16.1:r1
juniperjunos
16.1:r2
juniperjunos
16.1:r3
juniperjunos
16.1:r3-s10
juniperjunos
16.1:r3-s11
juniperjunos
16.1:r4
juniperjunos
16.1:r5
juniperjunos
16.1:r6
juniperjunos
16.1:r7
juniperjunos
16.2
juniperjunos
16.2:r1
juniperjunos
16.2:r2
juniperjunos
16.2:r2-s1
juniperjunos
16.2:r2-s2
juniperjunos
16.2:r2-s5
juniperjunos
16.2:r2-s6
juniperjunos
16.2:r2-s7
juniperjunos
16.2:r2-s8
juniperjunos
17.1
juniperjunos
17.1:r1
juniperjunos
17.1:r2-s1
juniperjunos
17.1:r2-s10
juniperjunos
17.1:r2-s2
juniperjunos
17.1:r2-s3
juniperjunos
17.1:r2-s4
juniperjunos
17.1:r2-s5
juniperjunos
17.1:r2-s6
juniperjunos
17.1:r2-s7
juniperjunos
17.2
juniperjunos
17.2:r1
juniperjunos
17.2:r1-s2
juniperjunos
17.2:r1-s4
juniperjunos
17.2:r1-s7
juniperjunos
17.2:r2
juniperjunos
17.2:r2-s6
juniperjunos
17.3
juniperjunos
17.3:r1
juniperjunos
17.3:r2
juniperjunos
17.3:r2-s1
juniperjunos
17.3:r2-s2
juniperjunos
17.3:r3-s1
juniperjunos
17.3:r3-s2
juniperjunos
17.3:r3-s3
juniperjunos
17.4
juniperjunos
17.4:r1
juniperjunos
17.4:r1-s1
juniperjunos
17.4:r1-s2
juniperjunos
17.4:r1-s4
juniperjunos
17.4:r2
juniperjunos
17.4:r2-s1
juniperjunos
17.4:r2-s2
juniperjunos
18.1
juniperjunos
18.1:r1
juniperjunos
18.1:r2
juniperjunos
18.1:r2-s1
juniperjunos
18.1:r2-s2
juniperjunos
18.1:r3
juniperjunos
18.1:r3-s2
juniperjunos
18.2
juniperjunos
18.2:r1
juniperjunos
18.2:r1-s3
juniperjunos
18.2:r1-s4
juniperjunos
18.2:r2-s1
juniperjunos
18.2x75:x75
juniperjunos
18.2x75:x75
juniperjunos
18.3
juniperjunos
18.3:r1
juniperjunos
18.3:r1-s1
juniperjunos
18.3:r1-s2
juniperjunos
18.4
juniperjunos
18.4:r1
juniperjunos
18.4:r1-s1
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
inetutils
bullseye
2:2.0-1+deb11u2
fixed
buster
ignored
stretch
ignored
jessie
no-dsa
bookworm
2:2.4-2+deb12u1
fixed
sid
2:2.5-5
fixed
trixie
2:2.5-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
inetutils
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
socks4-server
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
bionic
needs-triage
xenial
needs-triage
trusty
dne