CVE-2019-0019

EPSS 0.49%
Veröffentlicht 10.04.2019 20:29:00
Zuletzt bearbeitet 21.11.2024 04:16:03
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

BGP packets can trigger rpd crash when BGP tracing is enabled.

When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4; 18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect Junos releases prior to 16.1R1.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 39 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Version16.1 Update-

Juniper ≫ Junos Version16.1 Updater1

Juniper ≫ Junos Version16.1 Updater2

Juniper ≫ Junos Version16.1 Updater3

Juniper ≫ Junos Version16.1 Updater4

Juniper ≫ Junos Version16.1 Updater5

Juniper ≫ Junos Version16.1 Updater6

Juniper ≫ Junos Version16.2 Update-

Juniper ≫ Junos Version16.2 Updater1

Juniper ≫ Junos Version16.2 Updater2

Juniper ≫ Junos Version17.1 Update-

Juniper ≫ Junos Version17.1 Updater1

Juniper ≫ Junos Version17.1 Updater2

Juniper ≫ Junos Version17.2 Update-

Juniper ≫ Junos Version17.2 Updater1

Juniper ≫ Junos Version17.2 Updater2

Juniper ≫ Junos Version17.2 Updater3

Juniper ≫ Junos Version17.3 Update-

Juniper ≫ Junos Version17.3 Updater1

Juniper ≫ Junos Version17.3 Updater2

Juniper ≫ Junos Version17.3 Updater2-s1

Juniper ≫ Junos Version17.3 Updater2-s2

Juniper ≫ Junos Version17.3 Updater3

Juniper ≫ Junos Version17.4 Update-

Juniper ≫ Junos Version17.4 Updater1

Juniper ≫ Junos Version17.4 Updater1-s1

Juniper ≫ Junos Version17.4 Updater1-s2

Juniper ≫ Junos Version18.1 Update-

Juniper ≫ Junos Version18.1 Updater1

Juniper ≫ Junos Version18.1 Updater2

Juniper ≫ Junos Version18.2x75 Update-

Juniper ≫ Junos Version18.2x75 Updated20

Juniper ≫ Junos Version18.2x75 Updated5

Juniper ≫ Junos Version18.3 Update-

Juniper ≫ Junos Version18.3 Updater1

Juniper ≫ Junos Version18.3 Updater1-s1

Juniper ≫ Junos Version18.3 Updater1-s2

Juniper ≫ Junos Version18.4 Update-

Juniper ≫ Junos Version18.4 Updater1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.629

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

http://www.securityfocus.com/bid/107893

Broken Link

https://kb.juniper.net/JSA10931

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2019-0019

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-0019

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-0019

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-0019