Vulnerability Description
SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 12.3x48 |
| Juniper | Srx5400 | - |
| Juniper | Srx5600 | - |
| Juniper | Srx5800 | - |
Related Weaknesses (CWE)
References
- https://kb.juniper.net/JSA10973Vendor Advisory
- https://kb.juniper.net/JSA10973Vendor Advisory
FAQ
What is CVE-2019-0051?
CVE-2019-0051 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can res...
How severe is CVE-2019-0051?
CVE-2019-0051 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0051?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Srx5400, Juniper Srx5600, Juniper Srx5800.