CVE-2019-0019
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4; 18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect Junos releases prior to 16.1R1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 16.1 < 16.1R7-S4, 16.1R7-S5 | affected |
| Juniper Networks | Junos OS | 16.2 < 16.2R2-S9, 16.2R3 | affected |
| Juniper Networks | Junos OS | 17.1 < 17.1R3 | affected |
| Juniper Networks | Junos OS | 17.2 < 17.2R3-S1 | affected |
| Juniper Networks | Junos OS | 17.3 < 17.3R3-S3, 17.3R3-S4, 17.3R4 | affected |
| Juniper Networks | Junos OS | 17.4 < 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3 | affected |
| Juniper Networks | Junos OS | 18.1 < 18.1R2-S4, 18.1R3-S4, 18.1R4 | affected |
| Juniper Networks | Junos OS | 18.2 < 18.2R2-S2, 18.2R2-S3, 18.2R3 | affected |
| Juniper Networks | Junos OS | 18.2X75 < 18.2X75-D40 | affected |
| Juniper Networks | Junos OS | 18.3 < 18.3R1-S3, 18.3R2 | affected |
| Juniper Networks | Junos OS | 18.4 < 18.4R1-S2, 18.4R2 | affected |
| Juniper Networks | Junos OS | all < 16.1 | unaffected |
Weaknesses
- CWE-404: CWE-404 Improper Resource Shutdown or Release
Workarounds
The issue can be mitigated by disabling BGP tracing.
Use authentication for BGP (tcp-md5, ipsec, etc.) to mitigate the issue.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.