CVE-2019-0041 — HIGH (8.6) — White Hats Nepal

Vulnerability Description

On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	18.2
Juniper	Ex4300-Mp	-

Related Weaknesses (CWE)

CWE-284

References

https://kb.juniper.net/JSA10933MitigationVendor Advisory
https://kb.juniper.net/JSA10933MitigationVendor Advisory

FAQ

What is CVE-2019-0041?

CVE-2019-0041 is a vulnerability with a CVSS score of 8.6 (HIGH). On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affe...

How severe is CVE-2019-0041?

CVE-2019-0041 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0041?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex4300-Mp.