CVE-2019-0060 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	15.1x49
Juniper	Csrx	-
Juniper	Srx100	-
Juniper	Srx110	-
Juniper	Srx1400	-
Juniper	Srx1500	-
Juniper	Srx210	-
Juniper	Srx220	-
Juniper	Srx240	-
Juniper	Srx300	-
Juniper	Srx320	-
Juniper	Srx340	-
Juniper	Srx3400	-
Juniper	Srx345	-
Juniper	Srx3600	-
Juniper	Srx4100	-
Juniper	Srx4200	-
Juniper	Srx4600	-
Juniper	Srx5400	-
Juniper	Srx550	-

Related Weaknesses (CWE)

CWE-755

References

https://kb.juniper.net/JSA10959Vendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ipsec-tunnel-Vendor Advisory
https://kb.juniper.net/JSA10959Vendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ipsec-tunnel-Vendor Advisory

FAQ

What is CVE-2019-0060?

CVE-2019-0060 is a vulnerability with a CVSS score of 7.5 (HIGH). The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing o...

How severe is CVE-2019-0060?

CVE-2019-0060 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0060?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Csrx, Juniper Srx100, Juniper Srx110, Juniper Srx1400.