FKIE_CVE-2019-0002

Vulnerability from fkie_nvd - Published: 2019-01-15 21:29 - Updated: 2024-11-21 04:16
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter.
References
sirt@juniper.nethttp://www.securityfocus.com/bid/106669Third Party Advisory, VDB Entry
sirt@juniper.nethttps://kb.juniper.net/JSA10901Vendor Advisory
sirt@juniper.nethttps://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106669Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://kb.juniper.net/JSA10901Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.htmlVendor Advisory
Impacted products
Vendor Product Version
juniper junos 15.1x53
juniper junos 15.1x53
juniper junos 15.1x53
juniper junos 15.1x53
juniper junos 15.1x53
juniper junos 15.1x53
juniper junos 15.1x53
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper ex2300 -
juniper ex3400 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*",
              "matchCriteriaId": "D58997E6-96B4-4930-A29D-B49D06DFA9D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*",
              "matchCriteriaId": "AFB887FD-D3FB-439F-9A89-CC367A74DB00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*",
              "matchCriteriaId": "BDA46912-D173-49C5-A0A1-64BD0889D3A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d55:*:*:*:*:*:*",
              "matchCriteriaId": "3BEE4EE4-18D9-4FA9-9A02-917240B851AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d57:*:*:*:*:*:*",
              "matchCriteriaId": "188FED65-8A81-4BB0-B10B-8CA17B4F71CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d58:*:*:*:*:*:*",
              "matchCriteriaId": "9F03E847-748B-43BD-B6C1-BFDECE99BC3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d59:*:*:*:*:*:*",
              "matchCriteriaId": "92E31AF0-83EB-4570-A6DE-4308BE0D3A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "0DFDD907-5305-4602-8A9C-685AA112C342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "B0A756E2-C320-405A-B24F-7C5022649E5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "84F5BCBA-404B-4BC9-B363-CE6D231B0D6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "18A4CA3E-DA61-49CC-8476-3A476CCB2B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "A7380B3E-09F5-4497-86C6-11EF56BD89F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
              "matchCriteriaId": "238EC996-8E8C-4332-916F-09E54E6EBB9D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B3302CB-457F-4BD2-B80B-F70FB4C4542E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DAF5E7-E610-4D74-8573-41C16D642837",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action \u0027policer\u0027 in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter."
    },
    {
      "lang": "es",
      "value": "En las series EX2300 y EX3400, la configuraci\u00f3n sin estado del filtro del firewall que emplea la acci\u00f3n \"policer\" junto con otras acciones podr\u00eda no aplicarse. Cuando este problema ocurre, el resultado del comando show pfe filter hw summary no mostrar\u00e1 la entrada para: RACL group. Las versiones afectadas de las series EX2300 y EX3400 con Junos OS son: 15.1X53 anterior a 15.1X53-D590; 18.1 anterior a 18.1R3 y 18.2 anterior a 18.2R2. Este problema afecta a los filtros de firewall IPv4 y IPv6."
    }
  ],
  "id": "CVE-2019-0002",
  "lastModified": "2024-11-21T04:16:01.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-15T21:29:00.823",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106669"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10901"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-794"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.