Strix
26.1K

CVE-2019-0001

HIGHCVSS 7.5/10EPSS 3.05%

Last modified

CVE-2019-0001 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. EPSS estimates a 3.05% chance of exploitation in the next 30 days.

Description

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
3.05%

85.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
JuniperJunos16.1
JuniperJunos16.2
JuniperJunos17.1
JuniperJunos17.2
JuniperJunos17.3
JuniperJunos17.4
JuniperJunos18.2
FedoraprojectFedora30
FedoraprojectFedora31

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-0001?
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.
How severe is CVE-2019-0001?
CVE-2019-0001 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 3.05% probability of exploitation in the next 30 days.
How do I fix CVE-2019-0001?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-0001?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST