10

CVE-2019-0007

The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series.

Data is provided by the National Vulnerability Database (NVD)
JuniperJunos Version15.1
   JuniperMx10 Version-
   JuniperMx10003 Version-
   JuniperMx10008 Version-
   JuniperMx104 Version-
   JuniperMx150 Version-
   JuniperMx2008 Version-
   JuniperMx2010 Version-
   JuniperMx2020 Version-
   JuniperMx204 Version-
   JuniperMx240 Version-
   JuniperMx40 Version-
   JuniperMx480 Version-
   JuniperMx5 Version-
   JuniperMx80 Version-
   JuniperMx960 Version-
   JuniperVmx Version-
JuniperJunos Version15.1 Updatef1
   JuniperMx10 Version-
   JuniperMx10003 Version-
   JuniperMx10008 Version-
   JuniperMx104 Version-
   JuniperMx150 Version-
   JuniperMx2008 Version-
   JuniperMx2010 Version-
   JuniperMx2020 Version-
   JuniperMx204 Version-
   JuniperMx240 Version-
   JuniperMx40 Version-
   JuniperMx480 Version-
   JuniperMx5 Version-
   JuniperMx80 Version-
   JuniperMx960 Version-
   JuniperVmx Version-
JuniperJunos Version15.1 Updatef2
   JuniperMx10 Version-
   JuniperMx10003 Version-
   JuniperMx10008 Version-
   JuniperMx104 Version-
   JuniperMx150 Version-
   JuniperMx2008 Version-
   JuniperMx2010 Version-
   JuniperMx2020 Version-
   JuniperMx204 Version-
   JuniperMx240 Version-
   JuniperMx40 Version-
   JuniperMx480 Version-
   JuniperMx5 Version-
   JuniperMx80 Version-
   JuniperMx960 Version-
   JuniperVmx Version-
JuniperJunos Version15.1 Updatef3
   JuniperMx10 Version-
   JuniperMx10003 Version-
   JuniperMx10008 Version-
   JuniperMx104 Version-
   JuniperMx150 Version-
   JuniperMx2008 Version-
   JuniperMx2010 Version-
   JuniperMx2020 Version-
   JuniperMx204 Version-
   JuniperMx240 Version-
   JuniperMx40 Version-
   JuniperMx480 Version-
   JuniperMx5 Version-
   JuniperMx80 Version-
   JuniperMx960 Version-
   JuniperVmx Version-
JuniperJunos Version15.1 Updatef4
   JuniperMx10 Version-
   JuniperMx10003 Version-
   JuniperMx10008 Version-
   JuniperMx104 Version-
   JuniperMx150 Version-
   JuniperMx2008 Version-
   JuniperMx2010 Version-
   JuniperMx2020 Version-
   JuniperMx204 Version-
   JuniperMx240 Version-
   JuniperMx40 Version-
   JuniperMx480 Version-
   JuniperMx5 Version-
   JuniperMx80 Version-
   JuniperMx960 Version-
   JuniperVmx Version-
JuniperJunos Version15.1 Updatef5
   JuniperMx10 Version-
   JuniperMx10003 Version-
   JuniperMx10008 Version-
   JuniperMx104 Version-
   JuniperMx150 Version-
   JuniperMx2008 Version-
   JuniperMx2010 Version-
   JuniperMx2020 Version-
   JuniperMx204 Version-
   JuniperMx240 Version-
   JuniperMx40 Version-
   JuniperMx480 Version-
   JuniperMx5 Version-
   JuniperMx80 Version-
   JuniperMx960 Version-
   JuniperVmx Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.5% 0.632
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 3.9 6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
sirt@juniper.net 9.3 3.9 4.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H
CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://www.securityfocus.com/bid/106564
Third Party Advisory
VDB Entry