CVE-2019-0028

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 16.1R7 Junos OS versions 16.1X65 prior to 16.1X65-D48 Junos OS versions 16.2 prior to 16.2R2-S8 Junos OS versions 17.1 prior to 17.1R2-S7, 17.1R3 Junos OS versions 17.2 prior to 17.2R1-S7, 17.2R3 Junos OS versions 17.2X75 prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110 Junos OS versions 17.3 prior to 17.3R2-S2, 17.3R3 Junos OS versions 17.4 prior to 17.4R1-S4, 17.4R2 Junos OS versions 18.1 prior to 18.1R2

Description The issue exists due to insufficient input validation in the BGP component of Junos OS. This can be exploited by a remote attacker to cause a denial of service. On Junos devices with BGP graceful restart helper mode enabled, a BGP session restart on a remote peer may cause the local routing protocol daemon process to crash and restart. An attacker can simulate a specific BGP session restart to repeatedly crash the process, causing prolonged denial of service. The BGP graceful restart helper mode is enabled by default.

Recommendations For Junos OS versions prior to 16.1R7, update to 16.1R7 or later. For Junos OS versions 16.1X65 prior to 16.1X65-D48, update to 16.1X65-D48 or later. For Junos OS versions 16.2 prior to 16.2R2-S8, update to 16.2R2-S8 or later. For Junos OS versions 17.1 prior to 17.1R2-S7, 17.1R3, update to 17.1R2-S7, 17.1R3 or later. For Junos OS versions 17.2 prior to 17.2R1-S7, 17.2R3, update to 17.2R1-S7, 17.2R3 or later. For Junos OS versions 17.2X75 prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110, update to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110 or later. For Junos OS versions 17.3 prior to 17.3R2-S2, 17.3R3, update to 17.3R2-S2, 17.3R3 or later. For Junos OS versions 17.4 prior to 17.4R1-S4, 17.4R2, update to 17.4R1-S4, 17.4R2 or later. For Junos OS versions 18.1 prior to 18.1R2, update to 18.1R2 or later.