CVE-2019-0007
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H
Summary
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 15.1 < 15.1F5 | affected |
Weaknesses
- Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Workarounds
When used in whole, the following workaround methods may reduce the risk of information exfiltration from the customer environment, and reduce the chance of being subjected to, or propagating D/DoS attacks against other targets.
Deny incoming packets with invalid source addresses From reaching the device. Utilize egress filtering to prevent invalid / spoofed packets from leaving your network(s). Enable stateful firewall filters where possible. Utilize SYN-based anti-flood protection mechanisms where possible to reduce or avoid D/DoS attacks.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.