CVE-2019-0059 - OpenCVE

A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Juniper	Junos

Configuration 1 [-]

OR	cpe:2.3:o:juniper:junos:18.1:r2::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:18.1:r3::::::
	cpe:2.3:o:juniper:junos:18.1x75:-::::::
	cpe:2.3:o:juniper:junos:18.1x75:d10::::::

References

Link	Resource
https://kb.juniper.net/JSA10957	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2019-10-09T00:00:00

Updated: 2019-10-09T19:26:17

Reserved: 2018-10-11T00:00:00

Link: CVE-2019-0059

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-09T20:15:16.893

Modified: 2021-09-14T12:09:27.937

Link: CVE-2019-0059

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"status": "affected", "version": "18.1X75 all versions"}, {"status": "unaffected", "version": "18.2X75-D5"}, {"lessThan": "18.1R2-S4, 18.1R3-S1", "status": "affected", "version": "18.1", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "The minimal configuration required is for BGP to be enabled on the device."}], "datePublic": "2019-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption (3.2)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-09T19:26:17", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://kb.juniper.net/JSA10957"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 18.1R2-S4, 18.1R3-S1, 18.2X75-D5, 18.2R1, and all subsequent releases.\n"}], "source": {"advisory": "JSA10957", "defect": ["1356763"], "discovery": "INTERNAL"}, "title": "Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host.", "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2019-10-09T16:00:00.000Z", "ID": "CVE-2019-0059", "STATE": "PUBLIC", "TITLE": "Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"version_affected": "<", "version_name": "18.1", "version_value": "18.1R2-S4, 18.1R3-S1"}, {"version_affected": "=", "version_name": "18.1X75", "version_value": "all versions"}, {"version_affected": "!", "version_name": "18.2X75", "version_value": "18.2X75-D5"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "configuration": [{"lang": "en", "value": "The minimal configuration required is for BGP to be enabled on the device."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.6"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption (3.2)"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA10957", "refsource": "MISC", "url": "https://kb.juniper.net/JSA10957"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 18.1R2-S4, 18.1R3-S1, 18.2X75-D5, 18.2R1, and all subsequent releases.\n"}], "source": {"advisory": "JSA10957", "defect": ["1356763"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "There are no viable workarounds for this issue."}]}}}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2019-0059", "datePublished": "2019-10-09T00:00:00", "dateReserved": "2018-10-11T00:00:00", "dateUpdated": "2019-10-09T19:26:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*", "matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "84F5BCBA-404B-4BC9-B363-CE6D231B0D6D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "18A4CA3E-DA61-49CC-8476-3A476CCB2B83", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*", "matchCriteriaId": "658841A9-BEC9-433E-81D0-47DE82887C4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.1x75:-:*:*:*:*:*:*", "matchCriteriaId": "25D06112-086E-4C26-B2C1-D83F45B5BF10", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:18.1x75:d10:*:*:*:*:*:*", "matchCriteriaId": "A3EE4205-D7F6-4C5A-A245-22510C003921", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected."}, {"lang": "es", "value": "Una vulnerabilidad de p\u00e9rdida de memoria en Juniper Networks Junos OS, permite a un atacante causar una Denegaci\u00f3n de Servicio (DoS) al dispositivo mediante el env\u00edo de comandos espec\u00edficos desde un host BGP similar y que esos estados de BGP sean entregados al dispositivo vulnerable. Este problema afecta: Juniper Networks Junos OS: versiones 18.1 anteriores a 18.1R2-S4, 18.1R3-S1; todas las versiones 18.1X75. Las versiones anteriores a 18.1R1 no est\u00e1n afectadas."}], "id": "CVE-2019-0059", "lastModified": "2021-09-14T12:09:27.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2019-10-09T20:15:16.893", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA10957"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "sirt@juniper.net", "type": "Secondary"}]}