漏洞详情: CVE-2019-0066

漏洞标题
Junos OS: A malformed IPv4 packet received by Junos in an NG-mVPN scenario may cause the routing protocol daemon (rpd) process to core
来源:NVD
瞻博网络 Juniper Networks Junos OS 安全漏洞
来源:CNNVD
Junos OS:在NG-mVPN场景中,Junos 接收到格式错误的 IPv4 数据包可能导致路由协议守护进程(rpd)崩溃
来源:神龙机器人
漏洞描述
An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3.
来源:NVD
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS中存在安全漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。以下产品及版本受到影响:Juniper Networks Junos OS 15.1版本,15.1X49版本,15.1X53版本,16.1版本,16.2版本,17.1版本,17.2版本,17
来源:CNNVD
Junos OS:在NG-mVPN场景中,Junos 收到形如 IPv4 的 malformed 包可能导致路由协议守护进程(rpd)崩溃
来源:神龙机器人
From 漏洞平台(人工运营) -CN
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可利用该漏洞接收格式错误的数据包将导致持续的拒绝服务状况。
漏洞评分(CVSS)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
来源:NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
来源:神龙机器人, 准确率:8/8 = 100.00%
漏洞类别
未预期的状态编码或返回值
来源:NVD
其他
来源:CNNVD
相关链接