CVE-2019-0037

Published Apr 10, 2019

Last updated 3 years ago

CVSS high 7.5

Overview

Description: In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1.
Source: sirt@juniper.net
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 7.4
Impact score: 4
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E6CD065-EC06-4846-BD2A-D3CA7866070F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7620D01-1A6B-490F-857E-0D803E0AEE56"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A1545CE-279F-4EE2-8913-8F3B2FAFE7F6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08FC0245-A4FF-42C0-A236-8569301E351A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "120EA9E3-788B-4CFD-A74F-17111FFD0131"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31001EA8-2C65-4D3D-AEC7-F298692E8752"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x49-d30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29805EC7-F643-40B7-B34F-3926151B0DFC"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x49-d60:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C751DBA2-5E15-4953-A19A-BA320BC0D557"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x49-d140:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2302E8E5-E659-45E0-9819-249064124C14"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x49-d150:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACA1D9AB-E5C7-41AB-9F00-860B871B34BC"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x49-d160:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63E9B877-18EA-4CAB-8A01-58E09CC60DE3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53-d50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A062DBD-B40E-4D6E-85AA-E24FCF7F32A7"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53-d51:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC4704B0-D62E-415F-9B8A-49C1E686FD14"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53-d52:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A67EBC07-923F-4358-AFC0-9A966A3F980D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53-d55:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43D1EFC0-908E-41C1-B4B0-C756845100FB"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53-d57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55CD3841-EA43-4EC8-A3F1-42014411CC3F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53-d58:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD8657F5-CF1E-4492-8EA9-B269740E4183"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53-d59:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66ECD21D-FAD9-4DBF-8C6F-83C89118A33C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:16:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7348840-EF3C-4BB2-BBED-CD78A82C069B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50D9475A-F4FC-4BDA-B7E8-7A8EC2E3051B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CCE42E0-FB99-4573-B37F-CA2CFAED6E28"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0A2595B-C942-4AFD-8D30-98D2D41B73A5"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16:r6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2E1CC20-8F24-4D0B-945A-0C21E93E60EB"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16:r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9424B1E-5FA1-4D65-8553-D1728EC2B79D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3661BC68-6F32-447F-8D20-FD73FBBED9C6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B6097D4-3856-4696-9A26-5B6C0FD9AD6C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A7231C6-1CC4-4E7A-A317-5315246D2540"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7572C187-4D58-4E0D-A605-B2B13EFF5C6B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E34A149E-C2ED-4D86-A105-0A2775654AE7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3778643-1684-4549-A764-A1909C14B4B3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E889BF9C-BDDF-4A6A-97BB-00A097EF6D91"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D45F2C3-20FF-4A91-A440-E109B3CCE7C9"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11E055AC-5626-4EBB-8611-17BB1E8AEF15"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9689695F-53EB-4B35-9072-750E7282B011"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25C7C3D0-A203-4979-8375-A610ADD48E9E"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C366F93-BB30-4144-99AE-40B676977834"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E0CE79A-157D-47DE-BE65-936BC12470EB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0A756E2-C320-405A-B24F-7C5022649E5A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "658841A9-BEC9-433E-81D0-47DE82887C4F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AD05209-1274-4F8A-9FA2-A1A8DFCC5755"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.2x75-d10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14125AE2-5CD4-41DE-8290-09CE58EF7DF2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5342C3DC-D640-47AB-BD76-3444852988A2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AB8585E-EDC6-4400-BEE3-3A6A7C922C90"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References