Vulnerability Description
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 15.1 |
| Juniper | Mx10 | - |
| Juniper | Mx10003 | - |
| Juniper | Mx10008 | - |
| Juniper | Mx104 | - |
| Juniper | Mx150 | - |
| Juniper | Mx2008 | - |
| Juniper | Mx2010 | - |
| Juniper | Mx2020 | - |
| Juniper | Mx204 | - |
| Juniper | Mx240 | - |
| Juniper | Mx40 | - |
| Juniper | Mx480 | - |
| Juniper | Mx5 | - |
| Juniper | Mx80 | - |
| Juniper | Mx960 | - |
| Juniper | Vmx | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106564Third Party AdvisoryVDB Entry
- https://kb.juniper.net/JSA10903Vendor Advisory
- http://www.securityfocus.com/bid/106564Third Party AdvisoryVDB Entry
- https://kb.juniper.net/JSA10903Vendor Advisory
FAQ
What is CVE-2019-0007?
CVE-2019-0007 is a vulnerability with a CVSS score of 9.3 (CRITICAL). The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of pr...
How severe is CVE-2019-0007?
CVE-2019-0007 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-0007?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Mx10, Juniper Mx10003, Juniper Mx10008, Juniper Mx104.