Vulnerabilities > CVE-2019-0064 - Unspecified vulnerability in Juniper Junos 18.2/18.4/19.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream of these TCP packets may result in an extended Denial of Service (DoS) condition on the device. This issue affects Juniper Networks Junos OS: 18.2R3 on SRX 5000 Series; 18.4R2 on SRX 5000 Series; 19.2R1 on SRX 5000 Series.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 | |
| Hardware | 3 |
Nessus
NASL family Junos Local Security Checks NASL id JUNIPER_JSA10970.NASL description The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10970 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 133303 published 2020-01-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133303 title Juniper JSA10970 code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133303); script_version("1.1"); script_cvs_date("Date: 2020/01/29"); script_cve_id( "CVE-2019-0047", "CVE-2019-0050", "CVE-2019-0054", "CVE-2019-0055", "CVE-2019-0057", "CVE-2019-0058", "CVE-2019-0059", "CVE-2019-0060", "CVE-2019-0062", "CVE-2019-0063", "CVE-2019-0064", "CVE-2019-0066", "CVE-2019-0067", "CVE-2019-0068", "CVE-2019-0073", "CVE-2019-0075" ); script_xref(name:"IAVA", value:"2019-A-0388"); script_name(english:"Juniper JSA10970"); script_summary(english:"Checks the Junos version and build date."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10970 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16613"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16765"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16446"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA10970"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10970"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0047"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/29"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include('audit.inc'); include('junos.inc'); include('misc_func.inc'); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); fixes = make_array(); fixes['12.1X46'] = '12.1X46-D86'; fixes['12.3'] = '12.3R12-S13'; fixes['12.3X48'] = '12.3X48-D80'; fixes['14.1X53'] = '14.1X53-D51'; if (ver =~ "^15\.1F") fixes['15.1F'] = '15.1F6-S13'; else fixes['15.1'] = '15.1R7-S4'; fixes['15.1X49'] = '15.1X49-D171'; fixes['15.1X53'] = '15.1X53-D69'; fixes['16.1'] = '16.1R7-S5'; fixes['16.2'] = '16.2R2-S9'; fixes['17.1'] = '17.1R3'; if (ver =~ "^17\.2R1") fixes['17.2'] = '17.2R1-S8'; else if (ver =~ "^17\.2R2") fixes['17.2'] = '17.2R2-S7'; else if (ver =~ "^17\.2R3") fixes['17.2'] = '17.2R3-S1'; fixes['17.3'] = '17.3R3-S6'; if (ver =~ "^17\.4R1") fixes['17.4'] = '17.4R1-S7'; else if (ver =~ "^17\.4R2") fixes['17.4'] = '17.4R2-S4'; else fixes['17.4'] = '17.4R3'; fixes['18.1'] = '18.1R3-S5'; if (ver =~ "^18\.2R1") fixes['18.2'] = '18.2R1-S5'; else if (ver =~ "^18\.2R2") fixes['18.2'] = '18.2R2-S3'; else fixes['18.2'] = '18.2R3'; if (ver =~ "^18\.3R1") fixes['18.3'] = '18.3R1-S3'; else if (ver =~ "^18\.3R2") fixes['18.3'] = '18.3R2'; else if (ver =~ "^18\.3R3") fixes['18.3'] = '18.3R3'; if (ver =~ "^18\.4R1") fixes['18.4'] = '18.4R1-S2'; else fixes['18.4'] = '18.4R2'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); report = get_report(ver:ver, fix:fix); security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);NASL family Junos Local Security Checks NASL id JUNIPER_JSA10963.NASL description According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service (DoS) vulnerability in the flowd process on SRX 5000 devices when last seen 2020-03-18 modified 2019-11-04 plugin id 130466 published 2019-11-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130466 title Junos OS: flowd DoS (JSA10963) code #TRUSTED 3280a2087ed2dc6323d6f117b609c8231a866aa07165f1e243b051f645f1f9e87093b94f80067eedeaf57d1d0efadb8a4fe6b06369df2852ef3517bdd4632849098a7a3c436eb07393a574595cbc6eadf253ac0acdfd8060e83e17aa8c5f9ef52d9c9cb0d78852e91193973a062873e058d87161d61bd7ef3e87f9888267a77abd65193179b89712639b4bfd10e148fad1e96babb7bf67974d0735e92251c3c51d709a7aa01abd1e53a63e469fa0fda8d0c5bcfd5637ecc3dda6e5026f447b6b1108a30b7055af5488ae52d5a5f3a76364a71e2a2e1bfc989cb6085add67a3bddfbbf0629429c50b5f76aee3ccc02480fb3f401b3531075eda5308c525d3207446ff8e7330a2722929cdbb46a08e36e36ec69aacb1929d5d97d2dbf8eb30dc1eea0d16f3f1c09a2ef621902a1fbc2bbd21e842f566131c11575fd369028461deb59542bc2820cf2d23752f527706c2303b84b569a5bce9b211b24f5e0e05d86b3180c2d3744db113b66a2f3ee365a7c7331aa157ae04ea89c1ea666b324a41e4a6f5f6ea6787747d40c139336636dbd5b13b6b80e00809f2dd3cfbd173ec8a942d81d8745229743fa9fe8057ce1ba37897c1be94645c5934f74be2797071413e9cb1c0a488aed19f2446e1c251df191505b071a871025cd82a6d3ffe6b8fce62aa726a821fd213266c3af5ed2ecb48d7b71e55c3e932514e4f2e6d75306f2bc0 # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(130466); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/11/04"); script_cve_id("CVE-2019-0064"); script_xref(name:"JSA", value:"JSA10963"); script_xref(name:"IAVA", value:"2019-A-0388"); script_name(english:"Junos OS: flowd DoS (JSA10963)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service (DoS) vulnerability in the flowd process on SRX 5000 devices when 'set security zones security-zone <zone> tcp-rst' is configured. An unauthenticated, remote attacker can send a crafted TCP packet to crash the flowd process and trigger a new session. Repeated crashes of the flowd daemon can result in an extended DoS condition. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10963"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10963."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0064"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/04"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Junos Local Security Checks"); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include('audit.inc'); include('junos.inc'); include('junos_kb_cmd_func.inc'); include('misc_func.inc'); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); # SRX5000 Series if ( 'SRX5' >!< model) audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver); fixes = make_array(); fixes['18.2'] = '18.2R3-S1'; fixes['18.4'] = '18.4R2-S1'; fixes['19.2'] = '19.2R1-S1'; fixes['19.3'] = '19.3R1'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); # If 'set security zones security-zone <zone> tcp-rst' isn't configured, audit out. override = TRUE; buf = junos_command_kb_item(cmd:'show configuration | display set'); if (buf) { override = FALSE; pattern = "^set security zones security-zone .* tcp-rst"; if (!junos_check_config(buf:buf, pattern:pattern)) audit(AUDIT_HOST_NOT, 'vulnerable as it does not appear to have a security zone with tcp-rst enabled.'); } junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);