PT-2019-1974 · Juniper Networks · Junos
Published: 2019-04-10 · Updated: 2021-02-05 · CVE-2019-0036
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Junos OS versions prior to and including 12.3
Junos OS 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49
Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S4
Junos OS 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170
Junos OS 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69
Junos OS 16.1 versions prior to 16.1R7-S4, 16.1R7-S5
Junos OS 16.2 versions prior to 16.2R2-S9
Junos OS 17.1 versions prior to 17.1R3
Junos OS 17.2 versions prior to 17.2R1-S8, 17.2R3-S1
Junos OS 17.3 versions prior to 17.3R3-S4
Junos OS 17.4 versions prior to 17.4R1-S7, 17.4R2-S3
Junos OS 18.1 versions prior to 18.1R2-S4, 18.1R3-S4
Junos OS 18.2 versions prior to 18.2R1-S5, 18.2R2-S1
Junos OS 18.2X75 versions prior to 18.2X75-D40
Junos OS 18.3 versions prior to 18.3R1-S3
Junos OS 18.4 versions prior to 18.4R1-S1, 18.4R1-S2
Description
The issue is related to the configuration of stateless firewall filters in Junos OS, where terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. This can lead to unexpected results as the filter criteria will match all packets. The vulnerability may allow a remote attacker to impact the confidentiality and integrity of protected information.
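A configuration audit for the naming pattern described above, as an added example that is not part of the original advisory or Juniper's tooling: it scans a saved Junos configuration, in either "display set" or hierarchical form, for firewall filter terms named internal-<n>. The function name, the "unspecified" placeholder and the sample configuration are assumptions constructed for illustration.

```python
import re

# Term names in the form the advisory describes: internal-1, internal-2, ...
RISKY_TERM = re.compile(r"^internal-\d+$")
SET_LINE = re.compile(
    r"^set\s+firewall\s+(?:family\s+(\S+)\s+)?filter\s+(\S+)\s+term\s+(\S+)")

def find_internal_terms(config_text):
    """Return sorted (family, filter, term) tuples for terms named internal-<n>."""
    hits, stack = set(), []  # stack holds the open hierarchy levels
    for raw in config_text.splitlines():
        line = raw.strip()
        m = SET_LINE.match(line)
        if m:  # "display set" format
            family, flt, term = m.group(1) or "unspecified", m.group(2), m.group(3)
        elif line.endswith("{"):  # hierarchical format: track nesting
            stack.append(line[:-1].strip())
            if "firewall" not in stack or not stack[-1].startswith("term "):
                continue
            term = stack[-1].split()[1]
            family = next((s.split()[1] for s in stack if s.startswith("family ")), "unspecified")
            flt = next((s.split()[1] for s in stack if s.startswith("filter ")), "unspecified")
        else:
            if line == "}" and stack:
                stack.pop()
            continue
        if RISKY_TERM.match(term.strip('"')):
            hits.add((family, flt, term.strip('"')))
    return sorted(hits)

# Constructed sample configuration (not from a real device).
SAMPLE = """\
set firewall family inet filter edge-in term internal-1 from source-address 10.0.0.0/8
set firewall family inet filter edge-in term internal-1 then discard
set firewall family inet filter edge-in term internal-mgmt then accept
firewall {
    family inet6 {
        filter edge6-in {
            term internal-2 {
                then discard;
            }
        }
    }
}
"""

if __name__ == "__main__":
    for family, flt, term in find_internal_terms(SAMPLE):
        print(f"family {family} filter {flt}: term {term} uses the internal-<n> name form")
```

Only names that are exactly internal- followed by digits are reported, so a term such as internal-mgmt is not flagged.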
Recommendations
For Junos OS versions prior to and including 12.3, update to a version later than 12.3.
For Junos OS 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49, update to a version later than 14.1X53-D130 or 14.1X53-D49.
For Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S4, update to a version later than 15.1F6-S12 or 15.1R7-S4.
For Junos OS 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170, update to a version later than 15.1X49-D161 or 15.1X49-D170.
For Junos OS 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69, update to a version later than 15.1X53-D236, 15.1X53-D496, or 15.1X53-D69.
For Junos OS 16.1 versions prior to 16.1R7-S4, 16.1R7-S5, update to a version later than 16.1R7-S4 or 16.1R7-S5.
For Junos OS 16.2 versions prior to 16.2R2-S9, update to a version later than 16.2R2-S9.
For Junos OS 17.1 versions prior to 17.1R3, update to a version later than 17.1R3.
For Junos OS 17.2 versions prior to 17.2R1-S8, 17.2R3-S1, update to a version later than 17.2R1-S8 or 17.2R3-S1.
For Junos OS 17.3 versions prior to 17.3R3-S4, update to a version later than 17.3R3-S4.
For Junos OS 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, update to a version later than 17.4R1-S7 or 17.4R2-S3.
For Junos OS 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, update to a version later than 18.1R2-S4 or 18.1R3-S4.
For Junos OS 18.2 versions prior to 18.2R1-S5, 18.2R2-S1, update to a version later than 18.2R1-S5 or 18.2R2-S1.
For Junos OS 18.2X75 versions prior to 18.2X75-D40, update to a version later than 18.2X75-D40.
For Junos OS 18.3 versions prior to 18.3R1-S3, update to a version later than 18.3R1-S3.
For Junos OS 18.4 versions prior to 18.4R1-S1, 18.4R1-S2, update to a version later than 18.4R1-S1 or 18.4R1-S2.
Fix
Improper Access Control
Improper Check for Exceptional Conditions
Related Identifiers
Affected Products
Junos