CVE-2019-0011

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 17.2X75 versions prior to 17.2X75-D110; 18.1 versions prior to 18.1R2.

Published: Jan 15, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-0011
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 3.3
AV:A/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
juniper / junos	17.2-r1	17.2-r1.x
juniper / junos	17.2-r1-s2	17.2-r1-s2.x
juniper / junos	17.2-r1-s6	17.2-r1-s6.x
juniper / junos	17.2-r1-s1	17.2-r1-s1.x
juniper / junos	17.2-r1-s3	17.2-r1-s3.x
juniper / junos	17.2-r1-s5	17.2-r1-s5.x
juniper / junos	17.2-r1-s4	17.2-r1-s4.x
juniper / junos	17.2	17.2.x
juniper / junos	17.3-r1	17.3-r1.x
juniper / junos	17.3-r2	17.3-r2.x
juniper / junos	17.3-r3	17.3-r3.x
juniper / junos	17.3-r3-s1	17.3-r3-s1.x
juniper / junos	17.3-r3-s2	17.3-r3-s2.x
juniper / junos	17.3	17.3.x
juniper / junos	17.4-r1	17.4-r1.x
juniper / junos	17.4-r1-s3	17.4-r1-s3.x
juniper / junos	17.4-r1-s1	17.4-r1-s1.x
juniper / junos	17.4-r1-s2	17.4-r1-s2.x
juniper / junos	17.4	17.4.x
juniper / junos	17.2x75-d50	17.2x75-d50.x
juniper / junos	17.2x75-d90	17.2x75-d90.x
juniper / junos	17.2x75-d100	17.2x75-d100.x
juniper / junos	17.2x75-d70	17.2x75-d70.x
juniper / junos	17.2x75-d102	17.2x75-d102.x
juniper / junos	17.2x75-d92	17.2x75-d92.x
juniper / junos	17.2x75	17.2x75.x
juniper / junos	18.1	18.1.x

Vulnerability Database

290,476

CVE-2019-0011