PT-2019-3480 · Juniper Networks · Junos
Published: 2019-10-09 · Updated: 2021-10-28 · CVE-2019-0056
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Junos OS versions prior to 18.1R2-S4, 18.1R3-S5
Junos OS version 18.1X75-D10 and later versions
Junos OS versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3
Junos OS versions prior to 18.2X75-D50
Junos OS versions prior to 18.3R1-S4, 18.3R2, 18.3R3
Junos OS versions prior to 18.4R1-S2, 18.4R2
Description
The issue exists due to insufficient input validation in the OSPF protocol implementation. An attacker can exploit this to cause a Denial of Service (DoS) by sending a large number of specific IPv6 packets, which causes the OSPF states to transition to Down. This affects all IPv4 and IPv6 traffic served by the OSPF routes. The attack requires multiple MPC10s installed in a single chassis with OSPF enabled and configured.
Recommendations
For Junos OS versions prior to 18.1R2-S4, 18.1R3-S5, update to 18.1R2-S4 or 18.1R3-S5 or later.
For Junos OS version 18.1X75-D10 and later versions, consider disabling OSPF until a patch is available.
For Junos OS versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3, update to 18.2R1-S5, 18.2R2-S3, or 18.2R3 or later.
For Junos OS versions prior to 18.2X75-D50, update to 18.2X75-D50 or later.
For Junos OS versions prior to 18.3R1-S4, 18.3R2, 18.3R3, update to 18.3R1-S4, 18.3R2, or 18.3R3 or later.
For Junos OS versions prior to 18.4R1-S2, 18.4R2, update to 18.4R1-S2 or 18.4R2 or later.
Fix
DoS
RCE
Related Identifiers
Affected Products
Junos