CVE-2019-0033

Published: Apr 10, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series.

Affected (4)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

4 vulnerable · 13 platform

Vulnerable Software	Affected Versions
Juniper Junos	From 12.1x46 to 12.1x46-d10
Juniper Junos	From 12.1x46-d25 to 12.1x46-d71
Juniper Junos	From 12.3x48 to 12.3x48-d50
Juniper Junos	From 15.1x49 to 15.1x49-d75

Running on/with	Platform Versions
Juniper Srx100	All versions
Juniper Srx110	All versions
Juniper Srx1400	All versions
Juniper Srx210	All versions
Juniper Srx220	All versions
Juniper Srx240	All versions
Juniper Srx3400	All versions
Juniper Srx3600	All versions
Juniper Srx5400	All versions
Juniper Srx550	All versions
Juniper Srx5600	All versions
Juniper Srx5800	All versions
Juniper Srx650	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

http://www.securityfocus.com/bid/107882

Source: sirt@juniper.net

https://kb.juniper.net/JSA10922

Source: sirt@juniper.net

MitigationVendor Advisory

http://www.securityfocus.com/bid/107882

Source: af854a3a-2127-422b-91ae-364da2661108

https://kb.juniper.net/JSA10922

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.