CVE-2019-0001

Published: Jan 15, 2019

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.0

7.5

HIGH

Description

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

Vendor	Product	Versions
Juniper Networks	Junos OS	affected `16.1 - < 16.1R7-S1` affected `16.2 - < 16.2R2-S7` affected `17.1 - < 17.1R2-S10, 17.1R3` affected `17.2 - < 17.2R3` affected `17.3 - < 17.3R3-S1` +3 more versions

Weaknesses (CWE)

CWE-674

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://kb.juniper.net/JSA10900

x_refsource_CONFIRM

106541

vdb-entry

x_refsource_BID

FEDORA-2019-5f14b810f8

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-815807c020

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-0001

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References