PT-2019-1182 · Juniper Networks · Junos

Published: 2019-01-09 · Updated: 2021-10-28 · CVE-2019-0006

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms
Juniper Networks Junos OS versions prior to 15.1R7-S3 on all Virtual Chassis Platforms
Juniper Networks Junos OS versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms

Description

A certain crafted HTTP packet can trigger an uninitialized function pointer dereference issue in the Packet Forwarding Engine manager (fxpc) on Juniper Networks devices in a Virtual Chassis configuration. This can result in a crash of the fxpc daemon or may potentially lead to remote code execution. The issue only occurs when the crafted packet is destined to the device.

Recommendations

For versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms, update to version 14.1X53-D47 or later.
For versions prior to 15.1R7-S3 on all Virtual Chassis Platforms, update to version 15.1R7-S3 or later.
For versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms, update to version 15.1X53-D50 or later.

Fix

RCE

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

BDU:2019-00249
CVE-2019-0006

Affected Products

Junos