Strix
26.1K

CVE-2019-0060

HIGHCVSS 7.5/10EPSS 1.35%

Last modified

CVE-2019-0060 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. EPSS estimates a 1.35% chance of exploitation in the next 30 days.

Description

The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
1.35%

67.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
JuniperJunos15.1x49
JuniperJunos18.2
JuniperJunos18.4

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-0060?
The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series.
How severe is CVE-2019-0060?
CVE-2019-0060 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.35% probability of exploitation in the next 30 days.
How do I fix CVE-2019-0060?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-0060?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST