CVE-2019-0036

CRITICAL | CVSS 9.8/10 | EPSS 0.97%

CVE-2019-0036 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. EPSS estimates a 0.97% chance of exploitation in the next 30 days.

Description

When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3; 18.4 versions prior to 18.4R1-S1, 18.4R1-S2.
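A configuration audit for the naming pattern described above, written in Python as an added example (it is not part of the NVD record or of any Juniper tooling). It reports firewall filter terms named internal-n in a saved configuration so they can be renamed and reviewed; the function name, the sample configuration and the reading of "n" as a decimal integer are assumptions made here.

```python
import re

# Names the advisory says are ignored (assumption: "n" is a decimal integer).
RISKY_TERM = re.compile(r'^internal-\d+$')
SET_LINE = re.compile(r'^set\s+(?:\S+\s+)*?firewall\s+(?:family\s+\S+\s+)?'
                      r'filter\s+(\S+)\s+term\s+(\S+)')
TOKEN = re.compile(r'[{};]|[^\s{};]+')


def find_ignored_terms(config_text):
    """Return sorted (filter, term) pairs under 'firewall' named internal-n."""
    hits, stack = set(), []  # stack holds the headers of open { } blocks
    def check(filt, term):
        if RISKY_TERM.match(term.strip('"')):
            hits.add((filt.strip('"'), term.strip('"')))

    for raw in config_text.splitlines():
        line = raw.split('#', 1)[0].strip()
        m = SET_LINE.match(line)  # "display set" style line
        if m:
            check(*m.groups())
            continue
        words = []  # words of the statement currently being read
        for tok in TOKEN.findall(line):
            if tok == '{':
                filt = next((h[1] for h in reversed(stack)
                             if len(h) == 2 and h[0] == 'filter'), None)
                if (['firewall'] in stack and filt
                        and len(words) == 2 and words[0] == 'term'):
                    check(filt, words[1])
                stack.append(words)
                words = []
            elif tok in ('}', ';'):
                stack = stack[:-1] if tok == '}' else stack
                words = []
            else:
                words.append(tok)
    return sorted(hits)


# Constructed sample, not taken from a real device.
SAMPLE = """
firewall { family inet { filter PROTECT-RE {
    term internal-1 { from { protocol tcp; } then accept; }
    term allow-ssh { then accept; } } } }
policy-options { policy-statement EXPORT { term internal-2 { then reject; } } }
set firewall filter EDGE term internal-7 then discard
"""
print(find_ignored_terms(SAMPLE))
```

Terms with the same name outside the firewall hierarchy, such as the policy-statement term in the sample, are not reported because the description concerns stateless firewall filters only.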

Metrics

CVSS 3.1: 9.8/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability: 0.97% (57.5th percentile)
Probability of exploitation in the next 30 days.

Affected Software

Vendor   Product  Versions    Update
Juniper  Junos    15.1
Juniper  Junos    15.1f6-s1   F6
Juniper  Junos    15.1f6-s2   F6
Juniper  Junos    15.1f6-s4   F6
Juniper  Junos    15.1f6-s5   F6
Juniper  Junos    15.1f6-s6   F6
Juniper  Junos    15.1f6-s7   F6
Juniper  Junos    15.1f6-s8   F6
Juniper  Junos    15.1f6-s9   F6
Juniper  Junos    15.1f6-s10  F6
Juniper  Junos    15.1f6-s11  F6
Juniper  Junos    15.1x49     D10
Juniper  Junos    15.1x53     D10
Juniper  Junos    16.1        R1
Juniper  Junos    17.3        R1
Juniper  Junos    17.2        R1
Juniper  Junos    17.4        R1
Juniper  Junos    18.1        R1
Juniper  Junos    18.2        R1
Juniper  Junos    18.3        R1-S1
Juniper  Junos    18.2x75
Juniper  Junos    <= 12.3
Juniper  Junos    14.1x53
Juniper  Junos    18.4        R1

References

Timeline

Status: Modified

Frequently Asked Questions

How severe is CVE-2019-0036?
CVE-2019-0036 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.97% probability of exploitation in the next 30 days.
How do I fix CVE-2019-0036?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST