CVE-2019-0006

A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet it destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; 15.1 versions prior to 15.1R7-S3 all Virtual Chassis Platforms 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/106666	Third Party Advisory VDB Entry
https://kb.juniper.net/JSA10906	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos:14.1x53:::::::*
	cpe:2.3:o:juniper:junos:14.1x53:d10::::::
	cpe:2.3:o:juniper:junos:14.1x53:d15::::::
	cpe:2.3:o:juniper:junos:14.1x53:d16::::::
	cpe:2.3:o:juniper:junos:14.1x53:d25::::::
	cpe:2.3:o:juniper:junos:14.1x53:d26::::::
	cpe:2.3:o:juniper:junos:14.1x53:d27::::::
	cpe:2.3:o:juniper:junos:14.1x53:d30::::::
	cpe:2.3:o:juniper:junos:14.1x53:d35::::::
	cpe:2.3:o:juniper:junos:14.1x53:d40::::::
	cpe:2.3:o:juniper:junos:14.1x53:d45::::::
	cpe:2.3:o:juniper:junos:14.1x53:d46::::::
	cpe:2.3:o:juniper:junos:14.1x53:r1::::::

OR	cpe:2.3:h:juniper:ex2200:-:::::::*
	cpe:2.3:h:juniper:ex2200-c:-:::::::*
	cpe:2.3:h:juniper:ex2300:-:::::::*
	cpe:2.3:h:juniper:ex2300-c:-:::::::*
	cpe:2.3:h:juniper:ex3300:-:::::::*
	cpe:2.3:h:juniper:ex3400:-:::::::*
	cpe:2.3:h:juniper:ex4200:-:::::::*
	cpe:2.3:h:juniper:ex4300:-:::::::*
	cpe:2.3:h:juniper:ex4500:-:::::::*
	cpe:2.3:h:juniper:ex4550:-:::::::*
	cpe:2.3:h:juniper:ex4600:-:::::::*
	cpe:2.3:h:juniper:ex4650:-:::::::*
	cpe:2.3:h:juniper:ex6210:-:::::::*
	cpe:2.3:h:juniper:ex8208:-:::::::*
	cpe:2.3:h:juniper:ex8216:-:::::::*
	cpe:2.3:h:juniper:ex9204:-:::::::*
	cpe:2.3:h:juniper:ex9208:-:::::::*
	cpe:2.3:h:juniper:ex9214:-:::::::*
	cpe:2.3:h:juniper:ex9251:-:::::::*
	cpe:2.3:h:juniper:ex9253:-:::::::*
	cpe:2.3:h:juniper:qfx10002:-:::::::*
	cpe:2.3:h:juniper:qfx10008:-:::::::*
	cpe:2.3:h:juniper:qfx10016:-:::::::*
	cpe:2.3:h:juniper:qfx3500:-:::::::*
	cpe:2.3:h:juniper:qfx3600:-:::::::*
	cpe:2.3:h:juniper:qfx5100:-:::::::*
	cpe:2.3:h:juniper:qfx5110:-:::::::*
	cpe:2.3:h:juniper:qfx5120:-:::::::*
	cpe:2.3:h:juniper:qfx5200:-:::::::*
	cpe:2.3:h:juniper:qfx5210:-:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:juniper:junos:15.1:r1::::::
	cpe:2.3:o:juniper:junos:15.1:r2::::::
	cpe:2.3:o:juniper:junos:15.1:r3::::::
	cpe:2.3:o:juniper:junos:15.1:r4::::::
	cpe:2.3:o:juniper:junos:15.1:r5::::::
	cpe:2.3:o:juniper:junos:15.1:r6::::::

Configuration 3 (hide)

AND

OR	cpe:2.3:o:juniper:junos:15.1x53:d20::::::
	cpe:2.3:o:juniper:junos:15.1x53:d21::::::
	cpe:2.3:o:juniper:junos:15.1x53:d30::::::
	cpe:2.3:o:juniper:junos:15.1x53:d32::::::
	cpe:2.3:o:juniper:junos:15.1x53:d33::::::
	cpe:2.3:o:juniper:junos:15.1x53:d34::::::
	cpe:2.3:o:juniper:junos:15.1x53:d50::::::

OR	cpe:2.3:h:juniper:ex2200:-:::::::*
	cpe:2.3:h:juniper:ex2200-c:-:::::::*
	cpe:2.3:h:juniper:ex2300:-:::::::*
	cpe:2.3:h:juniper:ex2300-c:-:::::::*
	cpe:2.3:h:juniper:ex3300:-:::::::*
	cpe:2.3:h:juniper:ex3400:-:::::::*
	cpe:2.3:h:juniper:ex4200:-:::::::*
	cpe:2.3:h:juniper:ex4300:-:::::::*
	cpe:2.3:h:juniper:ex4500:-:::::::*
	cpe:2.3:h:juniper:ex4550:-:::::::*
	cpe:2.3:h:juniper:ex4600:-:::::::*
	cpe:2.3:h:juniper:ex4650:-:::::::*
	cpe:2.3:h:juniper:ex6210:-:::::::*
	cpe:2.3:h:juniper:ex8208:-:::::::*
	cpe:2.3:h:juniper:ex8216:-:::::::*
	cpe:2.3:h:juniper:ex9204:-:::::::*
	cpe:2.3:h:juniper:ex9208:-:::::::*
	cpe:2.3:h:juniper:ex9214:-:::::::*
	cpe:2.3:h:juniper:ex9251:-:::::::*
	cpe:2.3:h:juniper:ex9253:-:::::::*
	cpe:2.3:h:juniper:qfx10002:-:::::::*
	cpe:2.3:h:juniper:qfx10008:-:::::::*
	cpe:2.3:h:juniper:qfx10016:-:::::::*
	cpe:2.3:h:juniper:qfx3500:-:::::::*
	cpe:2.3:h:juniper:qfx3600:-:::::::*
	cpe:2.3:h:juniper:qfx5100:-:::::::*
	cpe:2.3:h:juniper:qfx5110:-:::::::*
	cpe:2.3:h:juniper:qfx5120:-:::::::*
	cpe:2.3:h:juniper:qfx5200:-:::::::*
	cpe:2.3:h:juniper:qfx5210:-:::::::*

History

28 Oct 2021, 12:48

Type	Values Removed	Values Added
CWE	~~CWE-20~~	CWE-908
References	~~(BID) http://www.securityfocus.com/bid/106666 - Third Party Advisory~~	(BID) http://www.securityfocus.com/bid/106666 - Third Party Advisory, VDB Entry

Information

Published : 2019-01-15 21:29

Updated : 2023-12-10 12:44

NVD link : CVE-2019-0006

Mitre link : CVE-2019-0006

CVE.ORG link : CVE-2019-0006

JSON object : View

Products Affected

juniper

qfx5210
ex2200
ex8208
ex4500
ex9214
ex3400
junos
ex4300
ex2300-c
ex9253
qfx10016
qfx5100
qfx3500
ex3300
ex4650
ex6210
ex8216
ex9251
qfx5110
qfx10008
qfx5120
ex9208
ex2300
qfx5200
ex9204
ex4600
ex2200-c
ex4200
qfx10002
ex4550
qfx3600

CWE

CWE-908

Use of Uninitialized Resource

9.8 /10