CVE-2019-0011
Last modified
CVE-2019-0011 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 17.2X75 versions prior to 17.2X75-D110; 18.1 versions prior to 18.1R2.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 17.2 |
| Juniper | Junos | 17.3 |
| Juniper | Junos | 17.4 |
| Juniper | Junos | 17.2x75 |
| Juniper | Junos | 18.1 |
References
- http://www.securityfocus.com/bid/106534Broken Link, Third Party Advisory, VDB Entry
- https://kb.juniper.net/JSA10911Vendor Advisory
- http://www.securityfocus.com/bid/106534Broken Link, Third Party Advisory, VDB Entry
- https://kb.juniper.net/JSA10911Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-0011?
How severe is CVE-2019-0011?
How do I fix CVE-2019-0011?
Are you affected by CVE-2019-0011?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST