CRITICAL🇵🇱 Wersja polska

CVE-2019-0008

CVSS 9.8v3.1pub. 2019-04-10upd. 2024-11-21

A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Juniper Ex4300

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4300m

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4600

    HW
    Juniper
    wszystkie wersje
  • Juniper Ex4650

    HW
    Juniper
    wszystkie wersje
  • Juniper Junos

    OS
    Juniper
    14.1x5317.317.418.118.3 – 18.3r2 (bez)15.1x53 – 15.1x53-d235 (bez)17.1 – 17.1r3 (bez)17.2 – 17.2r3 (bez)17.3 – 17.3r3-s2 (bez)17.4 – 17.4r2-s1 (bez)18.1 – 18.1r3-s1 (bez)18.2 – 18.2r2 (bez)18.2x75 – 18.2x75-d30 (bez)
  • Juniper Qfx5100

    HW
    Juniper
    wszystkie wersje
  • Juniper Qfx5110

    HW
    Juniper
    wszystkie wersje
  • Juniper Qfx5120

    HW
    Juniper
    wszystkie wersje
  • Juniper Qfx5200 32c

    HW
    Juniper
    wszystkie wersje
  • Juniper Qfx5200 48y

    HW
    Juniper
    wszystkie wersje
  • Juniper Qfx5210 64c

    HW
    Juniper
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2023-36845CRITICAL9.8⚠ KEVten sam produkt

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...

CVE-2024-21591CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root

CVE-2021-0248CRITICAL10.0ten sam produkt

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...

CVE-2021-0254CRITICAL9.8ten sam produkt

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...

CVE-2021-0211CRITICAL10.0ten sam produkt

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...