CVE-2019-0033

Summary

A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS12.1X46-D25 < 12.1X46*affected
Juniper NetworksJunos OS12.3X48 < 12.3X48-D50affected
Juniper NetworksJunos OS15.1X49 < 15.1X49-D75affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

Workarounds

Discontinue use of proxy ARP. An example configuration snippet is below: deactivate security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32 (or) delete security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32

There are no other viable workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References