Vulnerabilities > CVE-2019-0048 - 7PK - Security Features vulnerability in Juniper Junos

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
juniper
CWE-254
nessus
NVD
Published: 2019-07-11
Updated: 2019-10-09

Summary

On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic. The command 'show firewall filter' can be used to confirm whether the filter is working. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D51, 14.1X53-D115 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3-S2 on EX4300 Series; 17.3 versions prior to 17.3R3-S3 on EX4300 Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on EX4300 Series; 18.1 versions prior to 18.1R3-S1 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series; 18.3 versions prior to 18.3R2 on EX4300 Series.

Vulnerable Configurations

Part Description Count
OS
Juniper
68
Hardware
Juniper
19

Common Weakness Enumeration (CWE)

Nessus

NASL familyJunos Local Security Checks
NASL idJUNIPER_JSA10942.NASL
descriptionThe version of Junos OS installed on the remote host is EX3400 Series running Junos OS prior to 14.1X53-D115, 17.1R3, 17.2R3-S2, 17.3R3-S3, 17.4R2-S5, 18.1R3-S1, 18.2R2, or 18.3R2. It is, therefore, affected by a vulnerability. When a firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic. The command
last seen2020-06-01
modified2020-06-02
plugin id134893
published2020-03-25
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/134893
titleJunos OS Firewall Filters Failure Vulnerability (JSA10942)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(134893);
  script_version("1.1");
  script_cvs_date("Date: 2020/03/25");

  script_cve_id("CVE-2019-0048");
  script_xref(name: "JSA", value: "JSA10942");

  script_name(english:"Junos OS Firewall Filters Failure Vulnerability (JSA10942)");
  script_summary(english:"Checks the Junos version and build date.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is EX3400 Series running Junos OS prior to 14.1X53-D115, 17.1R3, 
17.2R3-S2, 17.3R3-S3, 17.4R2-S5, 18.1R3-S1, 18.2R2, or 18.3R2. It is, therefore, affected by a vulnerability. When a 
firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic. 
The command 'show firewall filter' can be used to confirm whether the filter is working. as referenced in the JSA10942
advisory. 

Note that Nessus has not tested for this issue but has instead relied only on the application's 
self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA10942");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA10942");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0048");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/25");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");

  exit(0);
}

include('junos.inc');
include('misc_func.inc');
include('junos_kb_cmd_func.inc');

ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
fixes = make_array();

model = get_kb_item_or_exit('Host/Juniper/model');
if ( 'EX43' >!< model)
  audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver);
  
fixes['14.1X53'] = '14.1X53-D115';
fixes['17.1'] = '17.1R3';
fixes['17.2'] = '17.2R3-S2';
fixes['17.3'] = '17.3R3-S3';
fixes['17.4'] = '17.4R2-S5';
fixes['18.1'] = '18.1R3-S1';
fixes['18.2'] = '18.2R2';
fixes['18.3'] = '18.3R2';

fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);

# If it has only TCAM optimization enabled:
override = TRUE;
buf = junos_command_kb_item(cmd:'show configuration | display set');
if (buf)
{
  override = FALSE;
  pattern = "^set system packet-forwarding-options tcam-group-optimization";
  if (!junos_check_config(buf:buf, pattern:pattern))
    audit(AUDIT_HOST_NOT, 'vulnerable');
}
junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);

References