CVE-2019-0049

Published Jul 11, 2019

Last updated 3 years ago

CVSS high 7.5

Overview

Description: On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. Repeated crashes of the RPD process can cause prolonged Denial of Service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S3; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.2X75 versions prior to 17.2X75-D105; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S7, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30; 18.3 versions prior to 18.3R1-S4, 18.3R2. Junos OS releases prior to 16.1R1 are not affected.
Source: sirt@juniper.net
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
sirt@juniper.net: CWE-404

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "258A380C-1EA0-407D-B7E3-4A2E8820119C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBE35BDC-7739-4854-8BB8-E8600603DE9D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DC47132-9EEA-4518-8F86-5CD231FBFB61"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD5A30CE-9498-4007-8E66-FD0CC6CF1836"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07CD1E7C-24EA-46B7-964C-C78FF64AFAE6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A457C57-4A36-433D-9473-5ABC091DF316"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D3E38C1-808C-4BD3-993D-F30855F5390F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72194CB7-FFDC-4897-9D6E-EA3459DDDEB5"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92F35C19-5AD2-4F98-8313-2E880714DF3B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9677CE18-B955-432F-BA2B-AAE3D0CA0F16"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3661BC68-6F32-447F-8D20-FD73FBBED9C6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B6097D4-3856-4696-9A26-5B6C0FD9AD6C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84DD80BF-BF7E-447B-AA74-00B3D8036E36"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57B89EEB-222D-46AA-BC8F-4EE7E17BA7B6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECAE613D-1317-4D2E-8A61-980CD5DEAED8"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAB2D63C-C966-42CA-85A9-09820D00A2D8"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A7231C6-1CC4-4E7A-A317-5315246D2540"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B14E079B-4E8F-4DAC-85C7-ECC888EBD306"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC9B5CDE-3A50-4CD3-962A-FA0989939F37"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7572C187-4D58-4E0D-A605-B2B13EFF5C6B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E0D42C4-9B4D-44F9-BC84-E7994404598B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC7A70CD-3A5E-4F01-8469-E5CD406BB04F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE2C20D8-3C73-4B87-BA41-DBFBCA5FBA58"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54D887B4-D2F4-4537-8298-B98D01396F12"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C1B5AE6-A323-4744-BCA1-25E46D2D27BB"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AB39E2F-0D67-4FA6-84B8-36684E971002"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A32C3702-48DE-47CF-B0D1-3A629676AD03"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9695B3E-FCDA-4DF0-B714-8B4F87AA647D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCEE8D9C-6D64-4A9B-A74A-57A0BF4086C6"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E889BF9C-BDDF-4A6A-97BB-00A097EF6D91"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "595987A6-D8CE-41ED-B51C-EF9CD3B47AD0"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFA3526C-FF53-4823-B6AC-0BA91BFB532D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9689695F-53EB-4B35-9072-750E7282B011"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D45F2C3-20FF-4A91-A440-E109B3CCE7C9"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B87ECEAD-FD18-4252-8D46-F281DD4125AC"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "565AE6D8-28A9-4A62-A886-5BAB954695D8"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E0CE79A-157D-47DE-BE65-936BC12470EB"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05060C06-18C1-40E8-AE01-385B036CC9AA"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DFDD907-5305-4602-8A9C-685AA112C342"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0A756E2-C320-405A-B24F-7C5022649E5A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84F5BCBA-404B-4BC9-B363-CE6D231B0D6D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18A4CA3E-DA61-49CC-8476-3A476CCB2B83"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "658841A9-BEC9-433E-81D0-47DE82887C4F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "238EC996-8E8C-4332-916F-09E54E6EBB9D"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21B7820C-01D2-401C-9E6D-C83994FD5961"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.2x75:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEC6BBCF-6429-4BD8-9728-4A1B0616D7C9"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.2x75:d20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12805C4D-2737-41E4-8950-5B48636765F9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BB9C2BB-D20B-41E9-B75F-7FAD9ECCDB99"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5342C3DC-D640-47AB-BD76-3444852988A2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AB8585E-EDC6-4400-BEE3-3A6A7C922C90"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2ABC574-B3FC-4025-B50D-7F9EEB28C806"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F6EAFC3-C3AC-4361-8530-39FCF89702F7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2x75:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "191A3F26-3C6E-4B5A-9D40-E6ABC2BFA7AF"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2x75:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B809686-D679-483B-9196-510582F07A7E"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2x75:d102:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81332BD3-99F9-4A7C-A04F-1F3A81CA6941"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:17.2x75:d92:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5DCC950-B6D1-4EF2-87EB-7D152CD9D8CD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References