Vulnerabilities > CVE-2019-0065 - Unspecified vulnerability in Juniper Junos

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

juniper

nessus

NVD

Published: 2019-10-09

Updated: 2021-07-21

Summary

On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending a crafted SIP packet, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a sustained Denial of Service. This issue affects Juniper Networks Junos OS on MX Series: 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S6 ; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S3; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 16.1 Juniper Junos 16.2 Juniper Junos 17.1 Juniper Junos 17.2 Juniper Junos 17.3 Juniper Junos 17.4 Juniper Junos 18.1 Juniper Junos 18.2 Juniper Junos 18.3 Juniper Junos 18.4	89
Hardware	Juniper Juniper Mx10 - Juniper Mx10003 - Juniper Mx10008 - Juniper Mx10016 - Juniper Mx104 - Juniper Mx150 - Juniper Mx2008 - Juniper Mx2010 - Juniper Mx2020 - Juniper Mx204 - Juniper Mx240 - Juniper Mx40 - Juniper Mx480 - Juniper MX5 - Juniper Mx80 - Juniper Mx960 - Juniper VMX -	17

Nessus

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10964.NASL
description	A denial of service (DoS) vulnerability exists in the MS-PIC component. An unauthenticated, remote attacker can exploit this issue, via specially crafted SIP packet, to cause the MS-PIC to stop responding.
last seen	2020-06-01
modified	2020-06-02
plugin id	131944
published	2019-12-11
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131944
title	Junos OS: processing of specific transit IP packets in flowd, leading to a Denial of Service Vulnerability (JSA10964)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131944); script_version("1.1"); script_cvs_date("Date: 2019/12/11"); script_cve_id("CVE-2019-0065"); script_xref(name:"JSA", value:"JSA10964"); script_name(english:"Junos OS: processing of specific transit IP packets in flowd, leading to a Denial of Service Vulnerability (JSA10964)"); script_summary(english:"Checks the Junos version and build date."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "A denial of service (DoS) vulnerability exists in the MS-PIC component. An unauthenticated, remote attacker can exploit this issue, via specially crafted SIP packet, to cause the MS-PIC to stop responding. "); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10964"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10964."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0065"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/11"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model","Settings/ParanoidReport"); exit(0); } include('audit.inc'); include('junos.inc'); include('misc_func.inc'); if (report_paranoia < 2) audit(AUDIT_PARANOID); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); if ( 'MX' >!< model) audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver); fixes = make_array(); fixes['16.1'] = '16.1R7-S5'; fixes['16.2'] = '16.2R2-S11'; fixes['17.1'] = '17.1R3'; fixes['17.2'] = '17.2R3-S3'; fixes['17.3'] = '17.3R3-S6'; fixes['17.4'] = '17.4R2-S8'; fixes['18.1'] = '18.1R3-S3'; fixes['18.2'] = '18.2R3'; fixes['18.3'] = '18.3R2'; fixes['18.4'] = '18.4R2'; fixes['19.1'] = '19.1R1'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); report = get_report(ver:ver, fix:fix); security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);

References

https://kb.juniper.net/JSA10964