Vulnerabilities > CVE-2019-0009 - Unspecified vulnerability in Juniper Junos 15.1X53/18.1/18.2

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
juniper
nessus

Summary

On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC members. This issue does not affect other Junos platforms. Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R2-S2, 18.1R3; 18.2 versions prior to 18.2R2.

Vulnerable Configurations

Part Description Count
OS
Juniper
10
Hardware
Juniper
2

Nessus

NASL family: Junos Local Security Checks
NASL id: JUNIPER_JSA10909.NASL
description: According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in which high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 121390
published: 2019-01-25
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/121390
title: Junos OS: EX2300 and EX3400 series: High disk I/O operations may disrupt the communication between RE and PFE (JSA10909)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");
 
# Description mode: register this plugin's metadata with the scanner and
# exit before any host-specific logic runs.
if (description)
{
  script_id(121390);
  script_version("1.1");
  script_cvs_date("Date: 2019/01/25 13:36:44");

  # Advisory cross-references: the CVE and the Juniper bulletin (JSA) ID.
  script_cve_id("CVE-2019-0009");
  script_xref(name:"JSA", value:"JSA10909");

  script_name(english:"Junos OS: EX2300 and EX3400 series: High disk I/O operations may disrupt the communication between RE and PFE  (JSA10909)");
  # NOTE(review): the summary mentions a build date, but the only KB keys
  # required below are the Junos version and the model - confirm whether the
  # version check consults a build date at all.
  script_summary(english:"Checks the Junos version and build date.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  # The finding rests on the device's self-reported version; the plugin does
  # not exercise the disk I/O condition itself.
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Juniper
Junos device is affected by a vulnerability in which high disk I/O 
operations may disrupt the communication between the routing engine 
(RE) and the packet forwarding engine (PFE).");
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10909");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper
advisory JSA10909.");
  # Both vectors describe a local, low-complexity issue that needs an
  # authenticated / low-privileged user and affects availability only.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0009");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/25");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_end_attributes();

  # Registered as an information-gathering check in the Junos local family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Requires junos_version.nasl and both KB keys below; presumably that
  # dependency is what populates them - confirm.
  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");

  # Nothing below this point runs in description mode.
  exit(0);
}

include("audit.inc");
include("junos.inc");
include("misc_func.inc");

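# Version-and-model check for JSA10909 / CVE-2019-0009.
#
# A positive result means "affected platform running a release older than
# the fixed one", based on what the device reported about itself. It does
# not show that RE/PFE communication was actually disrupted.

# Read the Junos version and hardware model from the KB; each call exits
# the plugin when its key is absent.
ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
model = get_kb_item_or_exit('Host/Juniper/model');

# Only the EX2300 and EX3400 series are affected. Match on the series
# prefix rather than on an exact string: if the KB holds the full model
# name with a variant suffix (constructed example: EX2300-24P), an equality
# test would audit an affected switch out as not vulnerable. Bare 'EX2300'
# and 'EX3400' still match, so previously flagged hosts stay flagged.
if (model !~ '^EX(2300|3400)')
  audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver);

# First fixed release per affected branch, as listed in the advisory.
# Later fixed releases on a branch (the advisory also names 18.1R3) are not
# listed separately; this relies on check_junos() ordering them after the
# entry here - confirm against junos.inc.
fixes = make_array();
fixes['15.1X53'] = '15.1X53-D590';
fixes['18.1'] = '18.1R2-S2';
fixes['18.2'] = '18.2R2';

# With exit_on_fail:TRUE the helper is expected to exit for versions that
# are outside the affected branches or already at/after the fix; otherwise
# it returns the fix string used in the report.
fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);

# Report at warning severity; include the installed/fixed version text
# only when the scan's report verbosity asks for it.
if (report_verbosity > 0)
{
  report = get_report(ver:ver, fix:fix);
  security_warning(port:0, extra:report);
}
else security_warning(0);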