Vulnerabilities > CVE-2019-0008 - Out-of-bounds Write vulnerability in Juniper Junos

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

juniper

CWE-787

critical

nessus

NVD

Published: 2019-04-10

Updated: 2021-10-25

Summary

A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 15.1X53 Juniper Junos 15.1X53-D50 Juniper Junos 15.1X53-D51 Juniper Junos 15.1X53-D52 Juniper Junos 15.1X53-D55 Juniper Junos 15.1X53-D57 Juniper Junos 15.1X53-D58 Juniper Junos 15.1X53-D59 Juniper Junos 15.1X53-D69 Juniper Junos 17.1 Juniper Junos 17.2 Juniper Junos 17.3 Juniper Junos 17.3R3 Juniper Junos 17.4 Juniper Junos 17.4R2 Juniper Junos 18.1 Juniper Junos 18.1R Juniper Junos 18.1R2 Juniper Junos 18.2 Juniper Junos 18.2R Juniper Junos 18.2R1 Juniper Junos 18.2X75 Juniper Junos 18.2X75-D10 Juniper Junos 18.3 Juniper Junos 18.3R Juniper Junos 14.1X53	250
Hardware	Juniper Juniper Ex4300 - Juniper Ex4300M - Juniper Ex4600 - Juniper Ex4650 - Juniper Qfx5100 - Juniper Qfx5110 - Juniper Qfx5120 - Juniper Qfx5200 32C - Juniper Qfx5200 48Y - Juniper Qfx5210 64C -	10

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10930.NASL
description	The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a stack based overflow vulnerability in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series. A remote attacker can exploit it which can lead to a remote code execution as referenced in the JSA10930 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	124327
published	2019-04-26
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124327
title	Juniper JSA10930
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124327); script_version("1.2"); script_cvs_date("Date: 2020/01/17"); script_cve_id("CVE-2019-0008"); script_name(english:"Juniper JSA10930"); script_summary(english:"Checks the Junos version and build date."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a stack based overflow vulnerability in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series. A remote attacker can exploit it which can lead to a remote code execution as referenced in the JSA10930 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA10930"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10930"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0008"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/10"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/26"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include("audit.inc"); include("junos.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); fixes = make_array(); model = get_kb_item_or_exit('Host/Juniper/model'); #QFX5000 Series which means QFX5000, QFX5100, QFX5200 and so on. Checking QFX5 for all of them if ( 'QFX5' >!< model && 'EX4300' >!< model && 'EX4600' >!< model) audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver); fixes["14.1X53"] = "14.1X53-D51"; fixes["15.1X53"] = "15.1X53-D235"; fixes["17.1"] = "17.1R3"; fixes["17.2"] = "17.2R3"; fixes["17.3"] = "17.3R3-S2"; fixes["17.4"] = "17.4R2-S1"; fixes["18.1"] = "18.1R3-S1"; fixes["18.2"] = "18.2R2"; fixes["18.2X75"] = "18.2X75-D30"; fixes["18.3"] = "18.3R2"; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); report = get_report(ver:ver, fix:fix); security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References