Vulnerability Description
An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 15.1 |
| Juniper | Csrx | - |
| Juniper | Srx100 | - |
| Juniper | Srx110 | - |
| Juniper | Srx1400 | - |
| Juniper | Srx1500 | - |
| Juniper | Srx210 | - |
| Juniper | Srx220 | - |
| Juniper | Srx240 | - |
| Juniper | Srx300 | - |
| Juniper | Srx320 | - |
| Juniper | Srx340 | - |
| Juniper | Srx3400 | - |
| Juniper | Srx345 | - |
| Juniper | Srx3600 | - |
| Juniper | Srx4100 | - |
| Juniper | Srx4200 | - |
| Juniper | Srx4600 | - |
| Juniper | Srx5400 | - |
| Juniper | Srx550 | - |
Related Weaknesses (CWE)
References
- https://kb.juniper.net/JSA10965Vendor Advisory
- https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/ng-mVendor Advisory
- https://kb.juniper.net/JSA10965Vendor Advisory
- https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/ng-mVendor Advisory
FAQ
What is CVE-2019-0066?
CVE-2019-0066 is a vulnerability with a CVSS score of 7.5 (HIGH). An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the...
How severe is CVE-2019-0066?
CVE-2019-0066 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0066?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Csrx, Juniper Srx100, Juniper Srx110, Juniper Srx1400.