CVE-2019-0007

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-0007
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series.

10.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.securityfocus.com/bid/106564 Third Party Advisory VDB Entry
https://kb.juniper.net/JSA10903 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*
OR cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:vmx:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2019-01-15 21:29

Updated : 2023-12-10 12:44

NVD link : CVE-2019-0007

Mitre link : CVE-2019-0007

CVE.ORG link : CVE-2019-0007

JSON object : View

Products Affected

juniper

  • mx80
  • mx10008
  • vmx
  • mx480
  • mx240
  • mx960
  • mx2020
  • mx40
  • mx10
  • junos
  • mx10003
  • mx150
  • mx204
  • mx2008
  • mx104
  • mx2010
  • mx5
CWE
CWE-330

Use of Insufficiently Random Values