Vulnerability Name:

CVE-2019-0009 (CCN-155351)

Assigned:2018-10-11
Published:2019-01-09
Updated:2021-07-21
Summary:On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC members. This issue does not affect other Junos platforms. Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R2-S2, 18.1R3; 18.2 versions prior to 18.2R2.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2019-0009

Source: BID
Type: Third Party Advisory, VDB Entry
106548

Source: XF
Type: UNKNOWN
juniper-junos-cve20190009-dos(155351)

Source: CCN
Type: Juniper Networks Security Bulletin JSA10909
Junos OS: EX2300 and EX3400: High disk I/O operations may disrupt the communication between RE and PFE (CVE-2019-0009)

Source: CONFIRM
Type: Vendor Advisory
https://kb.juniper.net/JSA10909

Vulnerable Configuration:Configuration 1:
  • cpe:/o:juniper:junos:15.1x53:d57:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d51:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d58:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d52:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d50:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d55:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:15.1x53:d59:*:*:*:*:*:*
  • AND
  • cpe:/h:juniper:ex3400:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:ex2300:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:juniper:junos:18.1:-:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:18.1:r1:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:18.2:-:*:*:*:*:*:*
  • AND
  • cpe:/h:juniper:ex2300:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:ex3400:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:juniper:junos:15.1x53:*:*:*:*:*:*:*
  • OR cpe:/a:juniper:junos:18.1:-:*:*:*:*:*:*
  • OR cpe:/a:juniper:junos:18.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    juniper junos 15.1x53 d57
    juniper junos 15.1x53 d51
    juniper junos 15.1x53 d58
    juniper junos 15.1x53 d52
    juniper junos 15.1x53 d50
    juniper junos 15.1x53 d55
    juniper junos 15.1x53 d59
    juniper ex3400 -
    juniper ex2300 -
    juniper junos 18.1 -
    juniper junos 18.1 r1
    juniper junos 18.2
    juniper ex2300 -
    juniper ex3400 -
    juniper junos 15.1x53
    juniper junos 18.1 -
    juniper junos 18.2