CVE-2019-0006
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet is destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; 15.1 versions prior to 15.1R7-S3 on all Virtual Chassis Platforms; 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms.
Affected (26)
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 15.1x53 d20 |
| Running on/with | Platform Versions |
|---|---|
| Juniper Ex2200 | All versions |
| Juniper Ex2200 C | All versions |
| Juniper Ex2300 | All versions |
| Juniper Ex2300 C | All versions |
| Juniper Ex3300 | All versions |
| Juniper Ex3400 | All versions |
| Juniper Ex4200 | All versions |
| Juniper Ex4300 | All versions |
| Juniper Ex4500 | All versions |
| Juniper Ex4550 | All versions |
| Juniper Ex4600 | All versions |
| Juniper Ex4650 | All versions |
| Juniper Ex6210 | All versions |
| Juniper Ex8208 | All versions |
| Juniper Ex8216 | All versions |
| Juniper Ex9204 | All versions |
| Juniper Ex9208 | All versions |
| Juniper Ex9214 | All versions |
| Juniper Ex9251 | All versions |
| Juniper Ex9253 | All versions |
| Juniper Qfx10002 | All versions |
| Juniper Qfx10008 | All versions |
| Juniper Qfx10016 | All versions |
| Juniper Qfx3500 | All versions |
| Juniper Qfx3600 | All versions |
| Juniper Qfx5100 | All versions |
| Juniper Qfx5110 | All versions |
| Juniper Qfx5120 | All versions |
| Juniper Qfx5200 | All versions |
| Juniper Qfx5210 | All versions |
Related CWEs
References (4)
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, VDB Entry