PT-2019-1969 · Juniper Networks · Junos
Published: 2019-04-10 · Updated: 2021-10-28
CVE-2019-0043
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Junos OS versions prior to 12.1X46-D77
Junos OS versions prior to 12.3R12-S10
Junos OS versions prior to 12.3X48-D75
Junos OS versions prior to 14.1X53-D48
Junos OS versions prior to 15.1R4-S9
Junos OS versions prior to 15.1R7-S2
Junos OS versions prior to 15.1F6-S11
Junos OS versions prior to 15.1X49-D141
Junos OS versions prior to 15.1X49-D144
Junos OS versions prior to 15.1X49-D150
Junos OS versions prior to 15.1X53-D234
Junos OS versions prior to 15.1X53-D68
Junos OS versions prior to 15.1X53-D471
Junos OS versions prior to 15.1X53-D490
Junos OS versions prior to 15.1X53-D590
Junos OS versions prior to 15.1X54
Junos OS versions prior to 16.1R3-S10
Junos OS versions prior to 16.1R4-S11
Junos OS versions prior to 16.1R6-S5
Junos OS versions prior to 16.1R7
Junos OS versions prior to 16.1X65-D48
Junos OS versions prior to 16.2R2-S6
Junos OS versions prior to 17.1R2-S8
Junos OS versions prior to 17.1R3
Junos OS versions prior to 17.2R1-S7
Junos OS versions prior to 17.2R3
Junos OS versions prior to 17.2X75-D92
Junos OS versions prior to 17.2X75-D102
Junos OS versions prior to 17.2X75-D110
Junos OS versions prior to 17.3R3
Junos OS versions prior to 17.4R1-S4
Junos OS versions prior to 17.4R2
Junos OS versions prior to 18.1R1-S1
Junos OS versions prior to 18.1R2-S1
Junos OS versions prior to 18.1R3
Junos OS versions prior to 18.2X75-D10
Description
The issue exists due to insufficient input validation in Junos OS, which allows a remote attacker to cause a denial of service by sending specially crafted SNMP packets. The packets can crash the routing protocol daemon (RPD) process, which then restarts. Sending such packets continuously can cause a prolonged denial of service.
Recommendations
As a temporary workaround, consider disabling SNMP until a patch is available.
Restrict access to the vulnerable SNMP endpoint to minimize the risk of exploitation.
Update to a version that includes the fix for this issue, as specified in the affected releases list.
For example, for 12.1X46 versions, update to 12.1X46-D77 or later.
For 12.3 versions, update to 12.3R12-S10 or later.
For 12.3X48 versions, update to 12.3X48-D75 or later.
For 14.1X53 versions, update to 14.1X53-D48 or later.
For 15.1 versions, update to 15.1R4-S9, 15.1R7-S2 or later.
For 15.1F6 versions, update to 15.1F6-S11 or later.
For 15.1X49 versions, update to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 or later.
For 15.1X53 versions, update to 15.1X53-D234, 15.1X53-D68, 15.1X53-D471, 15.1X53-D490, 15.1X53-D590 or later.
For 15.1X54, update to a version that is not affected.
For 16.1 versions, update to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7 or later.
For 16.1X65 versions, update to 16.1X65-D48 or later.
For 16.2 versions, update to 16.2R2-S6 or later.
For 17.1 versions, update to 17.1R2-S8, 17.1R3 or later.
For 17.2 versions, update to 17.2R1-S7, 17.2R3 or later.
For 17.2X75 versions, update to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110 or later.
For 17.3 versions, update to 17.3R3 or later.
For 17.4 versions, update to 17.4R1-S4, 17.4R2 or later.
For 18.1 versions, update to 18.1R1-S1, 18.1R2-S1, 18.1R3 or later.
For 18.2X75 versions, update to 18.2X75-D10 or later.
Fix
DoS
RCE
Improper Resource Release
Related Identifiers
Affected Products
Junos