Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2019-0008

CVE information

Published

3 years ago

Last Modified

9 months ago

CVSSv2.0 Severity

High

CVSSv3.1 Severity

Critical

Impact Analysis

Description

A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2..

CVSSv2.0 Score

Severity
High
Base Score
7.5/10
Exploit Score
10/10
Access Vector
Network
Access Complexity
Low
Authentication Required
None
Impact Score
6.4/10
Confidentiality Impact
Partial
Availability Impact
Partial
Integrity Impact
Partial

CVSSv3.1 Score

Severity
Critical
Base Score
9.8/10
Exploit Score
3.9/10
Access Vector
Network
Access Complexity
Low
Privileges Required
None
Impact Score
5.9/10
Confidentiality Impact
High
Availability Impact
High
Integrity Impact
High
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:o:juniper:junos:18.1:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
18.3 18.3r2
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
18.2x75 18.2x75-d30
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
18.2 18.2r2
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
18.1 18.1r3-s1
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
17.4 17.4r2-s1
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
17.1 17.1r3
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
15.1x53 15.1x53-d235
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
17.3 17.3r3-s2
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
17.2 17.2r3
cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:h:juniper:qfx5200-48y:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:h:juniper:qfx5200-32c:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:h:juniper:qfx5210-64c:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:h:juniper:ex4300m:-:*:*:*:*:*:*:*
  No
-