A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2.
Published 2019-04-10 20:29:00
Updated 2021-10-25 16:19:20
View at NVD,   CVE.org
Vulnerability category: OverflowMemory CorruptionExecute code

Exploit prediction scoring system (EPSS) score for CVE-2019-0008

4.13%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-0008

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST
9.8
CRITICAL CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
Juniper Networks, Inc.
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST

CWE ids for CVE-2019-0008

  • A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
    Assigned by: sirt@juniper.net (Secondary)
  • The product writes data past the end, or before the beginning, of the intended buffer.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-0008

  • https://kb.juniper.net/JSA10930
    Juniper Networks - 2019-04 Security Bulletin: QFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process (CVE-2019-0008)
    Vendor Advisory
  • http://www.securityfocus.com/bid/107897
    Juniper Junos CVE-2019-0008 Stack Buffer Overflow Vulnerability
    Third Party Advisory;VDB Entry

Products affected by CVE-2019-0008

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!