First published: Wed Apr 10 2019
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack-based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, and EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases of Juniper Networks Junos OS on QFX5000 series, EX4300, and EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper JUNOS | >=15.1x53<15.1x53-d235 | |
Juniper JUNOS | >=17.1<17.1r3 | |
Juniper JUNOS | >=17.2<17.2r3 | |
Juniper JUNOS | >=17.3<17.3r3-s2 | |
Juniper JUNOS | >=17.4<17.4r2-s1 | |
Juniper JUNOS | >=18.1<18.1r3-s1 | |
Juniper JUNOS | >=18.2<18.2r2 | |
Juniper JUNOS | >=18.2x75<18.2x75-d30 | |
Juniper JUNOS | >=18.3<18.3r2 | |
Juniper JUNOS | =14.1x53 | |
Juniper JUNOS | =17.3 | |
Juniper JUNOS | =17.4 | |
Juniper JUNOS | =18.1 | |
Juniper Ex4300 | | |
Juniper Ex4300m | | |
Juniper EX4600 | | |
Juniper Ex4650 | | |
Juniper Qfx5100 | | |
Juniper Qfx5110 | | |
Juniper Qfx5120 | | |
Juniper Qfx5200-32c | | |
Juniper Qfx5200-48y | | |
Juniper Qfx5210-64c | | |
The following software releases have been updated to resolve this specific issue: 15.1X53-D235, 17.1R3, 17.2R3, 17.3R3-S2, 17.3R4, 17.4R2-S1, 17.4R3, 18.1R3-S1, 18.1R4, 18.2R2, 18.2X75-D30, 18.3R2, 18.4R1, and all subsequent releases.
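To triage an inventory against the release list above, the following added example (not code from Juniper or from this page) checks a Junos version string against the first fixed release in each train. The names `parse_junos` and `is_affected` are hypothetical, the result only applies to the QFX5000, EX4300 and EX4600 platforms named above, and it assumes plain numeric ordering of R/S and D numbers within a train.

```python
import re

# First fixed release per train, taken from the advisory text above,
# stored as (R or D number, S number). None = the page lists no fixed
# release in that train (14.1X53).
FIRST_FIXED = {
    "14.1X53": None,
    "15.1X53": (235, 0),
    "17.1": (3, 0),
    "17.2": (3, 0),
    "17.3": (3, 2),
    "17.4": (2, 1),
    "18.1": (3, 1),
    "18.2": (2, 0),
    "18.2X75": (30, 0),
    "18.3": (2, 0),
}
ALL_FIXED_FROM = (18, 4)  # "18.4R1, and all subsequent releases"

# Matches e.g. 17.3R3-S2.4, 18.2R2, 15.1X53-D234.1, 18.2X75-D30
_VERSION = re.compile(
    r"^(\d+)\.(\d+)(?:R(\d+)(?:-S(\d+))?|(X\d+)-D(\d+))(?:\.\d+)?$", re.I)


def parse_junos(version):
    """Return (train, (major, minor), (build, service)) or raise ValueError."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc, xtrain, dnum = m.groups()
    base = (int(major), int(minor))
    if xtrain:  # special X train: order by D number only (assumption)
        return f"{major}.{minor}{xtrain.upper()}", base, (int(dnum), 0)
    return f"{major}.{minor}", base, (int(rel), int(svc or 0))


def is_affected(version):
    """True/False per the advisory; None if the page does not list the train."""
    train, base, level = parse_junos(version)
    if train in FIRST_FIXED:
        fixed = FIRST_FIXED[train]
        return fixed is None or level < fixed
    if base >= ALL_FIXED_FROM and "X" not in train:
        return False  # mainline 18.4R1 and later
    return None  # train not covered by this advisory's list
```

A `None` result means the train is not in the list above and needs to be checked against the vendor advisory directly.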
The severity of CVE-2019-0008 is critical.
QFX5000 series, EX4300, and EX4600 devices are affected by CVE-2019-0008.
CVE-2019-0008 may result in a crash of the fxpc daemon or potentially lead to remote code execution.
Apply the necessary security patches provided by Juniper.
You can find more information about CVE-2019-0008 on the SecurityFocus and Juniper Knowledge Base websites.