CVE-2019-0005

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 14.1X53-D47 Junos OS versions prior to 15.1R7 Junos OS versions prior to 15.1X53-D234 on QFX5200/QFX5110 series Junos OS versions prior to 15.1X53-D591 on EX2300/EX3400 series Junos OS versions prior to 16.1R7 Junos OS versions prior to 17.1R2-S10, 17.1R3 Junos OS versions prior to 17.2R3 Junos OS versions prior to 17.3R3 Junos OS versions prior to 17.4R2 Junos OS versions prior to 18.1R2

Description The issue is related to errors in processing IPv6 packets by the JunOS firewall filter. This may allow an attacker to execute arbitrary code using a specially crafted IPv6 packet. The problem is specific to IPv6 extension headers, and IPv4 packet filtering is not affected.

Recommendations For versions prior to 14.1X53-D47, update to 14.1X53-D47 or later. For versions prior to 15.1R7, update to 15.1R7 or later. For versions prior to 15.1X53-D234 on QFX5200/QFX5110 series, update to 15.1X53-D234 or later. For versions prior to 15.1X53-D591 on EX2300/EX3400 series, update to 15.1X53-D591 or later. For versions prior to 16.1R7, update to 16.1R7 or later. For versions prior to 17.1R2-S10, 17.1R3, update to 17.1R2-S10, 17.1R3 or later. For versions prior to 17.2R3, update to 17.2R3 or later. For versions prior to 17.3R3, update to 17.3R3 or later. For versions prior to 17.4R2, update to 17.4R2 or later. For versions prior to 18.1R2, update to 18.1R2 or later.