var-201904-1501
Vulnerability from variot
On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices. JunosOS is a network operating system dedicated to the company's hardware devices. A security vulnerability exists in the JunosOS 18.2 version of the Juniper Networks EX4300-MP. An attacker can exploit this issue to cause a denial-of-service condition, effectively denying service to legitimate users. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1501",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "eq",
"trust": 1.3,
"vendor": "juniper",
"version": "18.2"
},
{
"model": "junos os",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos os",
"scope": "eq",
"trust": 0.6,
"vendor": "juniper",
"version": "18.2"
},
{
"model": "junos 18.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 18.2r2",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 18.2r1-s2",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"db": "BID",
"id": "108490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003345"
},
{
"db": "NVD",
"id": "CVE-2019-0041"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:juniper:ex4300-mp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0041"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper ?? ??",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
],
"trust": 0.6
},
"cve": "CVE-2019-0041",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0041",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-13845",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-140072",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "sirt@juniper.net",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0041",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-0041",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "sirt@juniper.net",
"id": "CVE-2019-0041",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-13845",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-546",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-140072",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"db": "VULHUB",
"id": "VHN-140072"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003345"
},
{
"db": "NVD",
"id": "CVE-2019-0041"
},
{
"db": "NVD",
"id": "CVE-2019-0041"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices. JunosOS is a network operating system dedicated to the company\u0027s hardware devices. A security vulnerability exists in the JunosOS 18.2 version of the Juniper Networks EX4300-MP. \nAn attacker can exploit this issue to cause a denial-of-service condition, effectively denying service to legitimate users. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0041"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003345"
},
{
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"db": "BID",
"id": "108490"
},
{
"db": "VULHUB",
"id": "VHN-140072"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0041",
"trust": 3.4
},
{
"db": "JUNIPER",
"id": "JSA10933",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003345",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-546",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-13845",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43518",
"trust": 0.6
},
{
"db": "BID",
"id": "108490",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-140072",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"db": "VULHUB",
"id": "VHN-140072"
},
{
"db": "BID",
"id": "108490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003345"
},
{
"db": "NVD",
"id": "CVE-2019-0041"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
]
},
"id": "VAR-201904-1501",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"db": "VULHUB",
"id": "VHN-140072"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13845"
}
]
},
"last_update_date": "2023-12-18T13:47:59.175000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10933",
"trust": 0.8,
"url": "https://kb.juniper.net/jsa10933"
},
{
"title": "JuniperNetworksEX4300-MPJunosOS Security Feature Issue Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160975"
},
{
"title": "Juniper Networks EX4300-MP Junos OS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91361"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140072"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003345"
},
{
"db": "NVD",
"id": "CVE-2019-0041"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://kb.juniper.net/jsa10933"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0041"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0041"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43518"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/junos-os-ex4300-mp-information-disclosure-via-transit-network-traffic-control-plane-29022"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/us/en/products-services/nos/junos/"
},
{
"trust": 0.3,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10933"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"db": "VULHUB",
"id": "VHN-140072"
},
{
"db": "BID",
"id": "108490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003345"
},
{
"db": "NVD",
"id": "CVE-2019-0041"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"db": "VULHUB",
"id": "VHN-140072"
},
{
"db": "BID",
"id": "108490"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003345"
},
{
"db": "NVD",
"id": "CVE-2019-0041"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"date": "2019-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-140072"
},
{
"date": "2019-04-10T00:00:00",
"db": "BID",
"id": "108490"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003345"
},
{
"date": "2019-04-10T20:29:00.943000",
"db": "NVD",
"id": "CVE-2019-0041"
},
{
"date": "2019-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"date": "2020-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-140072"
},
{
"date": "2019-04-10T00:00:00",
"db": "BID",
"id": "108490"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003345"
},
{
"date": "2020-09-29T00:32:14.097000",
"db": "NVD",
"id": "CVE-2019-0041"
},
{
"date": "2020-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks EX4300-MP Junos OS Security Feature Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13845"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-546"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.