CVE-2019-0001 : Receipt of a malformed packet on MX Series devices with dynamic vlan configurati

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

Published 2019-01-15 21:29:01

Updated 2020-12-08 14:26:04

Source Juniper Networks, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2019-0001

Juniper » Junos » Version: 16.1 Update R1
cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R4
cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R5
cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R6
cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R2
cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R3
cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.2 Update R1
cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.2 Update R2
cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R1
cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R2
cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R1
cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R2
cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.3 Update R1
cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R4-s3
cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R4-s4
cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R5-s4
cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R7
cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.2 Update R2-s5
cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R2-s7
cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.3 Update R2
cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.4 Update R1
cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R6-s1
cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.3 Update R2-s2
cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 18.2 Update R1
cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R3-s10
cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R6-s6
cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R1-s7
cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1
cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.2
cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1
cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2
cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.3 Update R2-s1
cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.3
cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.4
cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.4 Update R1-s1
cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.4 Update R1-s2
cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R2-s9
cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.4 Update R1-s5
cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R3-s11
cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.2 Update R2-s2
cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.2 Update R2-s6
cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.2 Update R2-s1
cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R2-s6
cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R2-s2
cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R2-s3
cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R2-s4
cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R2-s5
cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R2-s1
cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R2-s6
cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R1-s2
cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R1-s4
cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.4 Update R1-s6
cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.4 Update R1-s4
cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 18.2 Update R1-s5
cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 18.2
cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 18.2 Update R1-s4
cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 18.2 Update R1-s3
cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R1-s8
cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R2-s7
cpe:2.3:o:juniper:junos:17.2:r2-s7:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.4 Update R1-s7
cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.3 Update R1-s1
cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R1-s1
cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R1-s3
cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R1-s5
cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.1 Update R2-s8
cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.3 Update R2-s3
cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.3 Update R3
cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R4-s12
cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R4-s2
cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 16.1 Update R4-s6
cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.2 Update R2-s11
cpe:2.3:o:juniper:junos:17.2:r2-s11:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.3 Update R2-s4
cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 17.3 Update R2-s5
cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-0001

EPSS FAQ

1.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-0001

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	Juniper Networks, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2019-0001

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Assigned by:
- nvd@nist.gov (Primary)
- sirt@juniper.net (Secondary)

References for CVE-2019-0001

http://www.securityfocus.com/bid/106541

Juniper Junos CVE-2019-0001 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/

[SECURITY] Fedora 31 Update: tnef-1.4.18-1.fc31 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/

[SECURITY] Fedora 30 Update: tnef-1.4.18-1.fc30 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://kb.juniper.net/JSA10900

Juniper Networks - 2019-01 Security Bulletin: Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd). (CVE-2019-0001)
Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-0001

Products affected by CVE-2019-0001

Exploit prediction scoring system (EPSS) score for CVE-2019-0001

CVSS scores for CVE-2019-0001

CWE ids for CVE-2019-0001

References for CVE-2019-0001