CVE-2019-0019

HIGH

Junos OS 16.1-18.4 - Denial of Service via BGP Message Processing


Description

When BGP tracing is enabled, an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4; 18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect Junos releases prior to 16.1R1.

References (2)

Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10931
Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107893

Scores

CVSS v3 7.5
EPSS 0.0049
EPSS Percentile 65.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-404
Status published
Products (10)
juniper/junos 16.1 (7 CPE variants)
juniper/junos 16.2 (3 CPE variants)
juniper/junos 17.1 (3 CPE variants)
juniper/junos 17.2 (4 CPE variants)
juniper/junos 17.3 (6 CPE variants)
juniper/junos 17.4 (4 CPE variants)
juniper/junos 18.1 (3 CPE variants)
juniper/junos 18.2x75 (3 CPE variants)
juniper/junos 18.3 (4 CPE variants)
juniper/junos 18.4 (2 CPE variants)
Published Apr 10, 2019
Tracked Since Feb 18, 2026