CVE-2019-0002: Junos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect
First published: Tue Jan 15 2019(Updated: )
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =15.1x53-d50 | |
| Juniper JUNOS | =15.1x53-d51 | |
| Juniper JUNOS | =15.1x53-d52 | |
| Juniper JUNOS | =15.1x53-d55 | |
| Juniper JUNOS | =15.1x53-d57 | |
| Juniper JUNOS | =15.1x53-d58 | |
| Juniper JUNOS | =15.1x53-d59 | |
| Juniper JUNOS | =18.1 | |
| Juniper JUNOS | =18.1-r1 | |
| Juniper JUNOS | =18.1-r2 | |
| Juniper JUNOS | =18.1-r2-s1 | |
| Juniper JUNOS | =18.1-r2-s2 | |
| Juniper JUNOS | =18.1-r2-s4 | |
| Juniper JUNOS | =18.2 | |
| Juniper JUNOS | =18.2-r1 | |
| Juniper JUNOS | =18.2-r1-s3 | |
| Juniper JUNOS | =18.2-r1-s4 | |
| Juniper JUNOS | =18.2-r1-s5 | |
| Juniper Ex2300 | ||
| Juniper Ex3400 |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D590, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-0002.
What is the severity level of CVE-2019-0002?
The severity level of CVE-2019-0002 is critical.
Which Juniper products are affected by CVE-2019-0002?
The Juniper EX2300 and EX3400 series are affected by CVE-2019-0002.
How can I check if my Juniper device is vulnerable to CVE-2019-0002?
You can check if your Juniper device is vulnerable to CVE-2019-0002 by referring to the affected software section in the CVE description.
Is there a fix available for CVE-2019-0002?
Yes, there is a fix available for CVE-2019-0002. Please refer to the references provided for more information on the fix.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/title
- agent/author
- agent/references
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/15.1x53-d50
- version/juniper junos/15.1x53-d51
- version/juniper junos/15.1x53-d52
- version/juniper junos/15.1x53-d55
- version/juniper junos/15.1x53-d57
- version/juniper junos/15.1x53-d58
- version/juniper junos/15.1x53-d59
- version/juniper junos/18.1
- version/juniper junos/18.1-r1
- version/juniper junos/18.1-r2
- version/juniper junos/18.1-r2-s1
- version/juniper junos/18.1-r2-s2
- version/juniper junos/18.1-r2-s4
- version/juniper junos/18.2
- version/juniper junos/18.2-r1
- version/juniper junos/18.2-r1-s3
- version/juniper junos/18.2-r1-s4
- version/juniper junos/18.2-r1-s5
- canonical/juniper ex2300
- canonical/juniper ex3400