CVE-2019-0009: Junos OS: EX2300 and EX3400: High disk I/O operations may disrupt the communication between RE and PFE
First published: Tue Jan 15 2019(Updated: )
On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC members. This issue does not affect other Junos platforms. Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R2-S2, 18.1R3; 18.2 versions prior to 18.2R2.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Junos OS Evolved | =15.1x53-d50 | |
| Junos OS Evolved | =15.1x53-d51 | |
| Junos OS Evolved | =15.1x53-d52 | |
| Junos OS Evolved | =15.1x53-d55 | |
| Junos OS Evolved | =15.1x53-d57 | |
| Junos OS Evolved | =15.1x53-d58 | |
| Junos OS Evolved | =15.1x53-d59 | |
| Juniper EX2300-24T | ||
| Juniper EX3400 | ||
| Junos OS Evolved | =18.1 | |
| Junos OS Evolved | =18.1-r1 | |
| Junos OS Evolved | =18.2 |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D113, 15.1X53-D590, 18.1R2-S2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-0009.
Which Junos platforms are affected by this vulnerability?
This vulnerability affects Junos platforms EX2300 and EX3400.
How does this vulnerability impact communication between the routing engine and packet forwarding engine?
This vulnerability disrupts the communication between the routing engine (RE) and the packet forwarding engine (PFE) during high disk I/O operations.
Does this vulnerability affect virtual chassis (VC) deployments?
Yes, in a virtual chassis (VC) deployment, this vulnerability also disrupts communication between the VC members.
What is the severity of CVE-2019-0009?
CVE-2019-0009 has a severity rating of 5.5 (Medium).
How can I fix CVE-2019-0009?
Please refer to the Juniper advisory linked in the references for steps to mitigate this vulnerability.
- agent/references
- agent/type
- agent/remedy
- agent/severity
- agent/title
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/junos os evolved
- version/junos os evolved/15.1x53-d50
- version/junos os evolved/15.1x53-d51
- version/junos os evolved/15.1x53-d52
- version/junos os evolved/15.1x53-d55
- version/junos os evolved/15.1x53-d57
- version/junos os evolved/15.1x53-d58
- version/junos os evolved/15.1x53-d59
- canonical/juniper ex2300-24t
- canonical/juniper ex3400
- version/junos os evolved/18.1
- version/junos os evolved/18.1-r1
- version/junos os evolved/18.2