CVE-2019-0006
CVE-2019-0006 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. EPSS estimates a 5.26% chance of exploitation in the next 30 days.
Description
A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet is destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; 15.1 versions prior to 15.1R7-S3 on all Virtual Chassis Platforms; 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Juniper | Junos | 14.1x53 | — |
| Juniper | Junos | 15.1 | R1 |
| Juniper | Junos | 15.1x53 | D20 |
References
- http://www.securityfocus.com/bid/106666 (Third Party Advisory, VDB Entry)
- https://kb.juniper.net/JSA10906 (Vendor Advisory)
Source: NVD / NIST
