Vulnerabilities > CVE-2019-0075 - Unspecified vulnerability in Juniper Junos

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

juniper

nessus

NVD

Published: 2019-10-09

Updated: 2021-02-05

Summary

A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service condition. Affected releases are Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160; 17.3 versions prior to 17.3R3-S7 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R2.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 12.3X48 Juniper Junos 15.1X49 Juniper Junos 17.3 Juniper Junos 17.4 Juniper Junos 18.1 Juniper Junos 18.2 Juniper Junos 18.3	62
Hardware	Juniper Juniper Csrx - Juniper Srx100 - Juniper Srx110 - Juniper Srx1400 - Juniper Srx1500 - Juniper Srx210 - Juniper Srx220 - Juniper Srx240 - Juniper Srx300 - Juniper Srx320 - Juniper Srx340 - Juniper Srx3400 - Juniper Srx345 - Juniper Srx3600 - Juniper Srx4100 - Juniper Srx4200 - Juniper Srx4600 - Juniper Srx5400 - Juniper Srx550 - Juniper Srx550 HM - Juniper Srx5600 - Juniper Srx5800 - Juniper Srx650 - Juniper Vsrx -	24

Nessus

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10970.NASL
description	The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10970 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	133303
published	2020-01-29
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133303
title	Juniper JSA10970
code	# # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133303); script_version("1.1"); script_cvs_date("Date: 2020/01/29"); script_cve_id( "CVE-2019-0047", "CVE-2019-0050", "CVE-2019-0054", "CVE-2019-0055", "CVE-2019-0057", "CVE-2019-0058", "CVE-2019-0059", "CVE-2019-0060", "CVE-2019-0062", "CVE-2019-0063", "CVE-2019-0064", "CVE-2019-0066", "CVE-2019-0067", "CVE-2019-0068", "CVE-2019-0073", "CVE-2019-0075" ); script_xref(name:"IAVA", value:"2019-A-0388"); script_name(english:"Juniper JSA10970"); script_summary(english:"Checks the Junos version and build date."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10970 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16613"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16765"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16446"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA10970"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10970"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0047"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/29"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include('audit.inc'); include('junos.inc'); include('misc_func.inc'); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); fixes = make_array(); fixes['12.1X46'] = '12.1X46-D86'; fixes['12.3'] = '12.3R12-S13'; fixes['12.3X48'] = '12.3X48-D80'; fixes['14.1X53'] = '14.1X53-D51'; if (ver =~ "^15\.1F") fixes['15.1F'] = '15.1F6-S13'; else fixes['15.1'] = '15.1R7-S4'; fixes['15.1X49'] = '15.1X49-D171'; fixes['15.1X53'] = '15.1X53-D69'; fixes['16.1'] = '16.1R7-S5'; fixes['16.2'] = '16.2R2-S9'; fixes['17.1'] = '17.1R3'; if (ver =~ "^17\.2R1") fixes['17.2'] = '17.2R1-S8'; else if (ver =~ "^17\.2R2") fixes['17.2'] = '17.2R2-S7'; else if (ver =~ "^17\.2R3") fixes['17.2'] = '17.2R3-S1'; fixes['17.3'] = '17.3R3-S6'; if (ver =~ "^17\.4R1") fixes['17.4'] = '17.4R1-S7'; else if (ver =~ "^17\.4R2") fixes['17.4'] = '17.4R2-S4'; else fixes['17.4'] = '17.4R3'; fixes['18.1'] = '18.1R3-S5'; if (ver =~ "^18\.2R1") fixes['18.2'] = '18.2R1-S5'; else if (ver =~ "^18\.2R2") fixes['18.2'] = '18.2R2-S3'; else fixes['18.2'] = '18.2R3'; if (ver =~ "^18\.3R1") fixes['18.3'] = '18.3R1-S3'; else if (ver =~ "^18\.3R2") fixes['18.3'] = '18.3R2'; else if (ver =~ "^18\.3R3") fixes['18.3'] = '18.3R3'; if (ver =~ "^18\.4R1") fixes['18.4'] = '18.4R1-S2'; else fixes['18.4'] = '18.4R2'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); report = get_report(ver:ver, fix:fix); security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10976.NASL
description	According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service (DoS) vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices. An unauthenticated, remote attacker can exploit this issue, by repeatedly sending crafted PIM messages, to crash the srxfpe process and cause an FPC reboot, leading to an extended denial of service condition and causing the system to stop responding. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-03-18
modified	2019-11-04
plugin id	130467
published	2019-11-04
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130467
title	Junos OS: srxpfe PIM DoS (JSA10976)
code	#TRUSTED 6f172bf36ab4aea2a5909d32163b87f5fa001a546c451a47dc356ab7c665f3b5adb44c5d3f55a570638701d77d7cdfc26d316f5ac9ddc3376c62b4fe8ebc85698de69497ce19341e980a4b4746c2860ae1cc19630467248fc66df7cf85d55083cc40f9f763516be1b9ce6ad6fa06f0072aba7847991ab4f4b5882138783659dd6316694325e238e56c0388bb93f48d5e9dbe276f51a78b6187557dd38621101ff10c2b96f4ed05511048fd39cd2e9d4d66dde336ab965428e7a76ea8f5304091908d8ffb1a20f4143f63f019946a3504451a4440f51cc0d8551b3c35ceef2eba91908cbfd337bcfc91c73d62695a1a7fac288091d490d1621a9e88fe4c7f6626b92355c032a9881bbab8379b44f1dc84bd20ae50b097ad9eb9029c4f2773a72a2e68899785a4e4c10a0bbd88ca19e259312ece51c3b69ea544d2f1343eebc4def4ec0cd69f6cd184bb96e99d7bd68c9201405d1fa954579ee5643d05e9e21fb5c2d4ea06d2a59c41262818e11598bba31f210b4e32da1be46a5750c17146687c77fb7292a67ef4eb893774313363ad7015def91adf4199d78618403af43e3b9359600fdc2f55277f781913a530fe3d94ec4e06369def634c651dbbdf0ded2548883bff28c1d03f9301146fd203c1217437b24e8012f8886cb348beaa569ab8c49757ef11c754bcad996f54751fb3d1490d26e50438495822e585bb655b970b88 # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(130467); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/11/04"); script_cve_id("CVE-2019-0075"); script_xref(name:"JSA", value:"JSA10976"); script_xref(name:"IAVA", value:"2019-A-0388"); script_name(english:"Junos OS: srxpfe PIM DoS (JSA10976)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service (DoS) vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices. An unauthenticated, remote attacker can exploit this issue, by repeatedly sending crafted PIM messages, to crash the srxfpe process and cause an FPC reboot, leading to an extended denial of service condition and causing the system to stop responding. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10976"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10976."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0075"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/04"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Junos Local Security Checks"); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include('audit.inc'); include('junos.inc'); include('junos_kb_cmd_func.inc'); include('misc_func.inc'); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); # SRX Series if ( 'SRX' >!< model) audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver); fixes = make_array(); fixes['12.3X48'] = '12.3X48-D80'; fixes['15.1X49'] = '15.1X49-D160'; fixes['17.3'] = '17.3R3-S7'; fixes['17.4'] = '17.4R2-S8'; fixes['18.1'] = '18.1R3-S8'; fixes['18.2'] = '18.2R2'; fixes['18.3'] = '18.3R2'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); # If PIM is not enabled, audit out. # https://www.juniper.net/documentation/en_US/junos/topics/topic-map/mcast-pim-understanding.html override = TRUE; buf = junos_command_kb_item(cmd:'show configuration \| display set'); if (buf) { override = FALSE; pattern = "^set protocol pim"; if (!junos_check_config(buf:buf, pattern:pattern)) audit(AUDIT_HOST_NOT, 'vulnerable as PIM is not enabled.'); } junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);

References

https://kb.juniper.net/JSA10976