Vulnerability Details : CVE-2019-0007
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series.
Products affected by CVE-2019-0007
- cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-0007
- 0.22%: Probability of exploitation activity in the next 30 days
- ~ 60 %: Percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2019-0007
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | NIST | |
9.3 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H | 3.9 | 4.7 | Juniper Networks, Inc. | |
CWE ids for CVE-2019-0007
- The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-0007
- http://www.securityfocus.com/bid/106564
  Juniper Junos CVE-2019-0007 Security Weakness (Third Party Advisory; VDB Entry)
- https://kb.juniper.net/JSA10903
  Juniper Networks - 2019-01 Security Bulletin: Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability (CVE-2019-0007) (Vendor Advisory)