CVE-2019-0068

09.10.2019, 20:15

The SRX flowd process, responsible for packet forwarding, may crash and restart when processing specific multicast packets. By continuously sending the specific multicast packets, an attacker can repeatedly crash the flowd process causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R2-S4, 18.2R3; 18.3 versions prior to 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S1, 19.1R2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	12.3x48:x48
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	15.1x49:x49
juniper	junos	17.3
juniper	junos	17.3:r2
juniper	junos	17.3:r2-s1
juniper	junos	17.3:r2-s2
juniper	junos	17.3:r3-s1
juniper	junos	17.3:r3-s2
juniper	junos	17.3:r3-s3
juniper	junos	17.3:r3-s4
juniper	junos	17.3:r3-s5
juniper	junos	17.3:r3-s6
juniper	junos	17.4
juniper	junos	17.4:r1
juniper	junos	17.4:r1-s1
juniper	junos	17.4:r1-s2
juniper	junos	17.4:r1-s4
juniper	junos	17.4:r2
juniper	junos	17.4:r2-s1
juniper	junos	17.4:r2-s3
juniper	junos	17.4:r2-s4
juniper	junos	18.1
juniper	junos	18.1:r2
juniper	junos	18.1:r2-s1
juniper	junos	18.1:r2-s2
juniper	junos	18.1:r2-s4
juniper	junos	18.1:r3
juniper	junos	18.1:r3-s2
juniper	junos	18.1:r3-s3
juniper	junos	18.1:r3-s4
juniper	junos	18.1:r3-s5
juniper	junos	18.2
juniper	junos	18.2:r1-s5
juniper	junos	18.2:r2-s1
juniper	junos	18.2:r2-s2
juniper	junos	18.2:r2-s3
juniper	junos	18.3
juniper	junos	18.3:r1
juniper	junos	18.3:r1-s1
juniper	junos	18.3:r1-s2
juniper	junos	18.3:r1-s3
juniper	junos	18.3:r2
juniper	junos	18.4
juniper	junos	18.4:r1
juniper	junos	18.4:r1-s2
juniper	junos	18.4:r1-s3
juniper	junos	18.4:r1-s4
juniper	junos	19.1
juniper	junos	19.1:r1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-754 - Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

References

https://kb.juniper.net/JSA10968