CVE-2019-0007
CRITICALJuniper Networks Junos OS <15.1F5 - Info Disclosure
Title source: llmDescription
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10903
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106564
Scores
CVSS v3
9.3
EPSS
0.0050
EPSS Percentile
66.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H
Details
CWE
CWE-330
Status
published
Products (1)
juniper/junos
15.1 (6 CPE variants)
Published
Jan 15, 2019
Tracked Since
Feb 18, 2026