15.1X53

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

juniper

CWE-908

critical

nessus

NVD

Published: 2019-01-15

Updated: 2021-10-28

Summary

A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet it destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; 15.1 versions prior to 15.1R7-S3 all Virtual Chassis Platforms 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 14.1X53 Juniper Junos 15.1 Juniper Junos 15.1X53	26
Hardware	Juniper Juniper Ex2200 - Juniper Ex2200 C - Juniper Ex2300 - Juniper Ex2300 C - Juniper Ex3300 - Juniper Ex3400 - Juniper Ex4200 - Juniper Ex4300 - Juniper Ex4500 - Juniper Ex4550 - Juniper Ex4600 - Juniper Ex4650 - Juniper Ex6210 - Juniper Ex8208 - Juniper Ex8216 - Juniper Ex9204 - Juniper Ex9208 - Juniper Ex9214 - Juniper Ex9251 - Juniper Ex9253 - Juniper Qfx10002 - Juniper Qfx10008 - Juniper Qfx10016 - Juniper Qfx3500 - Juniper Qfx3600 - Juniper Qfx5100 - Juniper Qfx5110 - Juniper Qfx5120 - Juniper Qfx5200 - Juniper Qfx5210 -	30

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

Nessus

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10906.NASL
description	According to its self-reported version number, the remote Junos device is affected by a potential remote code execution vulnerability due to how the Packet Forwarding Engine manager (FXPC) handles HTTP packets. An attacker could potentially crash the fxpc daemon or execute code.
last seen	2020-06-01
modified	2020-06-02
plugin id	121066
published	2019-01-10
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121066
title	Juniper Junos Packet Forwarding Engine Potential RCE (JSA10906)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(121066); script_version("1.3"); script_cvs_date("Date: 2019/04/18 12:05:36"); script_cve_id("CVE-2019-0006"); script_xref(name:"JSA", value:"JSA10906"); script_name(english:"Juniper Junos Packet Forwarding Engine Potential RCE (JSA10906)"); script_summary(english:"Checks the Junos version and build date."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the remote Junos device is affected by a potential remote code execution vulnerability due to how the Packet Forwarding Engine manager (FXPC) handles HTTP packets. An attacker could potentially crash the fxpc daemon or execute code."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10906"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10906."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0006"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/09"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/10"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include("audit.inc"); include("junos_kb_cmd_func.inc"); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); fixes = make_array(); # 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; # 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms. if (model =~ '^(QFX\|EX)') { fixes['14.1X53'] = '14.1X53-D47'; fixes['15.1X53'] = '15.1X53-D50'; } # 15.1 versions prior to 15.1R7-S3 all Virtual Chassis Platforms fixes['15.1R'] = '15.1R7-S3'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); override = FALSE; junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);

Vulnerabilities > CVE-2019-0006 - Use of Uninitialized Resource vulnerability in Juniper Junos 14.1X53/15.1/15.1X53

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Related news

References