Vulnerabilities > CVE-2019-0055 - Unspecified vulnerability in Juniper Junos
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 39 | |
| Hardware | Juniper
| 24 |
Nessus
NASL family Junos Local Security Checks NASL id JUNIPER_JSA10970.NASL description The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10970 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 133303 published 2020-01-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133303 title Juniper JSA10970 code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133303); script_version("1.1"); script_cvs_date("Date: 2020/01/29"); script_cve_id( "CVE-2019-0047", "CVE-2019-0050", "CVE-2019-0054", "CVE-2019-0055", "CVE-2019-0057", "CVE-2019-0058", "CVE-2019-0059", "CVE-2019-0060", "CVE-2019-0062", "CVE-2019-0063", "CVE-2019-0064", "CVE-2019-0066", "CVE-2019-0067", "CVE-2019-0068", "CVE-2019-0073", "CVE-2019-0075" ); script_xref(name:"IAVA", value:"2019-A-0388"); script_name(english:"Juniper JSA10970"); script_summary(english:"Checks the Junos version and build date."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10970 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16613"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16765"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16446"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA10970"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10970"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0047"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/29"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include('audit.inc'); include('junos.inc'); include('misc_func.inc'); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); fixes = make_array(); fixes['12.1X46'] = '12.1X46-D86'; fixes['12.3'] = '12.3R12-S13'; fixes['12.3X48'] = '12.3X48-D80'; fixes['14.1X53'] = '14.1X53-D51'; if (ver =~ "^15\.1F") fixes['15.1F'] = '15.1F6-S13'; else fixes['15.1'] = '15.1R7-S4'; fixes['15.1X49'] = '15.1X49-D171'; fixes['15.1X53'] = '15.1X53-D69'; fixes['16.1'] = '16.1R7-S5'; fixes['16.2'] = '16.2R2-S9'; fixes['17.1'] = '17.1R3'; if (ver =~ "^17\.2R1") fixes['17.2'] = '17.2R1-S8'; else if (ver =~ "^17\.2R2") fixes['17.2'] = '17.2R2-S7'; else if (ver =~ "^17\.2R3") fixes['17.2'] = '17.2R3-S1'; fixes['17.3'] = '17.3R3-S6'; if (ver =~ "^17\.4R1") fixes['17.4'] = '17.4R1-S7'; else if (ver =~ "^17\.4R2") fixes['17.4'] = '17.4R2-S4'; else fixes['17.4'] = '17.4R3'; fixes['18.1'] = '18.1R3-S5'; if (ver =~ "^18\.2R1") fixes['18.2'] = '18.2R1-S5'; else if (ver =~ "^18\.2R2") fixes['18.2'] = '18.2R2-S3'; else fixes['18.2'] = '18.2R3'; if (ver =~ "^18\.3R1") fixes['18.3'] = '18.3R1-S3'; else if (ver =~ "^18\.3R2") fixes['18.3'] = '18.3R2'; else if (ver =~ "^18\.3R3") fixes['18.3'] = '18.3R3'; if (ver =~ "^18\.4R1") fixes['18.4'] = '18.4R1-S2'; else fixes['18.4'] = '18.4R2'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); report = get_report(ver:ver, fix:fix); security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);NASL family Junos Local Security Checks NASL id JUNIPER_JSA10953.NASL description According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in the SIP ALG packet processing service which allows an attacker to cause a Denial of Service (DoS) to the device. A remote, unauthenticated attacker can exploit this by sending specific types of valid SIP traffic to the device to cause the flowd process to crash and generate a core dump while processing SIP ALG traffic. Continued receipt of these SIP packets will cause the device to stop responding. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2019-11-05 plugin id 130505 published 2019-11-05 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130505 title Junos OS: SIP ALG flowd DoS (JSA10953) code #TRUSTED 988815214881526c560bfa2eb36ace332a18fdaed458cb4402a186a31bfcb46b5677538d5064d8cce91e20a7a808431490b09cefb6b0c3815bdfdf75d94aec02f5d238a950694f2764e37753608bff89ced4490c0782096d9cefda56da44fc19b04dc6e5fc01605ceec3a34579389496ad0199fb2f5a5a6501b544fb77b95dcba8b36371d80ed8dc63c57425e5eefaa02476beb8e073df56dc6a5a5d2997a74da0b662c9534f51754dff133c65538b9f9d93169cd80c9599a5a2fd938add7ce1454162d8f55910769f5566a8f7b09c64999511427adb88b47166083a88d190c0bbeedf4cfe31e28bdea28bb5600f853dc024f8efd17e4eab246be2405997803d540dc7ee50af1864883dad3cae5aa0e7c119ea5a6250c35ece0d5557369e3b4cb0a71489a6e08481f40bccafffbf4efe1ac24f31734d02000c8cc0862e1e8c0efecb1488570b00c2a4eefd5037a340b8153f2d190324e37de3a4ced240529e391a1137ec3cfb27334203776401150b8f8ddfd05d46953ba48ccb816371292c8c67c0830fda1f1cefa1f4245347d70bbf03bfc34d5eadf3f432bce423f4cd517a94a7f358f2392dd806e0e0213c016936707c9275b16a3e03bbbf8758cc57a4880d4a17ba515fae0051e151aee88d67e13c2dd7e80ffc7a109fd23b23f093fce3d1f1548d051e975b24a3ce06288dc2d8fa0b052ec64380d0bcc846c2fad6a2bd # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(130505); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/11/05"); script_cve_id("CVE-2019-0055"); script_xref(name:"JSA", value:"JSA10953"); script_xref(name:"IAVA", value:"2019-A-0388"); script_name(english:"Junos OS: SIP ALG flowd DoS (JSA10953)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in the SIP ALG packet processing service which allows an attacker to cause a Denial of Service (DoS) to the device. A remote, unauthenticated attacker can exploit this by sending specific types of valid SIP traffic to the device to cause the flowd process to crash and generate a core dump while processing SIP ALG traffic. Continued receipt of these SIP packets will cause the device to stop responding. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10953"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10953."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0055"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/05"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Junos Local Security Checks"); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include('audit.inc'); include('junos.inc'); include('junos_kb_cmd_func.inc'); include('misc_func.inc'); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); # SRX Series if ( 'SRX' >!< model) audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver); fixes = make_array(); # 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; # Making this paranoid if (report_paranoia >= 2) fixes['12.3X48'] = '12.3X48-D61'; fixes['15.1X49'] = '15.1X49-D130'; fixes['17.3'] = '17.3R3'; fixes['17.4'] = '17.4R2'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); # If SIP ALG is not enabled, audit out. override = TRUE; buf = junos_command_kb_item(cmd:'show configuration | display set'); if (buf) { override = FALSE; pattern = "^set security alg sip"; if (!junos_check_config(buf:buf, pattern:pattern)) audit(AUDIT_HOST_NOT, 'vulnerable as SIP ALG is not enabled'); } junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);