CVE-2019-0033
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 12.1X46-D25 < 12.1X46* | affected |
| Juniper Networks | Junos OS | 12.3X48 < 12.3X48-D50 | affected |
| Juniper Networks | Junos OS | 15.1X49 < 15.1X49-D75 | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
Workarounds
Discontinue use of proxy ARP. An example configuration snippet is below: deactivate security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32 (or) delete security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32
There are no other viable workarounds for this issue.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.