CVE-2019-0048: EX4300 Series: When a firewall filter is applied to a loopback interface, other firewall filters for multicast traffic may fail
First published: Thu Jul 11 2019(Updated: )
On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic. The command 'show firewall filter' can be used to confirm whether the filter is working. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D51, 14.1X53-D115 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3-S2 on EX4300 Series; 17.3 versions prior to 17.3R3-S3 on EX4300 Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on EX4300 Series; 18.1 versions prior to 18.1R3-S1 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series; 18.3 versions prior to 18.3R2 on EX4300 Series.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Junos OS Evolved | =14.1x53 | |
| Junos OS Evolved | =14.1x53-d10 | |
| Junos OS Evolved | =14.1x53-d15 | |
| Junos OS Evolved | =14.1x53-d16 | |
| Junos OS Evolved | =14.1x53-d25 | |
| Junos OS Evolved | =14.1x53-d26 | |
| Junos OS Evolved | =14.1x53-d27 | |
| Junos OS Evolved | =14.1x53-d30 | |
| Junos OS Evolved | =14.1x53-d35 | |
| Junos OS Evolved | =14.1x53-d40 | |
| Junos OS Evolved | =14.1x53-d45 | |
| Junos OS Evolved | =14.1x53-d48 | |
| Junos OS Evolved | =14.1x53-d49 | |
| Juniper EX4300-24P | ||
| Juniper EX4300 | ||
| Juniper EX4300-24T-S | ||
| Juniper EX4300 | ||
| Juniper EX4300-32F-S | ||
| Juniper EX4300 | ||
| Juniper EX4300-32F-S | ||
| Juniper EX4300-48MP | ||
| Juniper EX4300-48MP-S | ||
| Juniper EX4300-48P | ||
| Juniper EX4300-48P | ||
| Juniper EX4300-48T-AFI | ||
| Juniper EX4300-48TAFI | ||
| Juniper EX4300-48TDC | ||
| Juniper EX4300-48TDC-AFI | ||
| Juniper EX4300-48T-S | ||
| Juniper EX4300 | ||
| Juniper EX4300 Multigigabit | ||
| Juniper EX4300-48T-DC-AFI | ||
| Junos OS Evolved | =17.1 | |
| Junos OS Evolved | =17.1-r1 | |
| Junos OS Evolved | =17.1-r2-s1 | |
| Junos OS Evolved | =17.1-r2-s10 | |
| Junos OS Evolved | =17.1-r2-s2 | |
| Junos OS Evolved | =17.1-r2-s3 | |
| Junos OS Evolved | =17.1-r2-s4 | |
| Junos OS Evolved | =17.1-r2-s5 | |
| Junos OS Evolved | =17.1-r2-s6 | |
| Junos OS Evolved | =17.1-r2-s7 | |
| Junos OS Evolved | =17.2 | |
| Junos OS Evolved | =17.2-r1 | |
| Junos OS Evolved | =17.2-r1-s2 | |
| Junos OS Evolved | =17.2-r1-s4 | |
| Junos OS Evolved | =17.2-r1-s7 | |
| Junos OS Evolved | =17.2-r2 | |
| Junos OS Evolved | =17.2-r2-s6 | |
| Junos OS Evolved | =17.2-r2-s7 | |
| Junos OS Evolved | =17.2-r3-s1 | |
| Junos OS Evolved | =17.3 | |
| Junos OS Evolved | =17.3-r1 | |
| Junos OS Evolved | =17.3-r2 | |
| Junos OS Evolved | =17.3-r2-s1 | |
| Junos OS Evolved | =17.3-r2-s2 | |
| Junos OS Evolved | =17.3-r3-s1 | |
| Junos OS Evolved | =17.3-r3-s2 | |
| Junos OS Evolved | =17.4 | |
| Junos OS Evolved | =17.4-r1 | |
| Junos OS Evolved | =17.4-r1-s1 | |
| Junos OS Evolved | =17.4-r1-s2 | |
| Junos OS Evolved | =17.4-r1-s4 | |
| Junos OS Evolved | =17.4-r2 | |
| Junos OS Evolved | =17.4-r2-s1 | |
| Junos OS Evolved | =17.4-r2-s2 | |
| Junos OS Evolved | =17.4-r2-s3 | |
| Junos OS Evolved | =17.4-r2-s4 | |
| Junos OS Evolved | =18.1 | |
| Junos OS Evolved | =18.1-r1 | |
| Junos OS Evolved | =18.1-r2 | |
| Junos OS Evolved | =18.1-r2-s1 | |
| Junos OS Evolved | =18.1-r2-s2 | |
| Junos OS Evolved | =18.2 | |
| Junos OS Evolved | =18.2-r1 | |
| Junos OS Evolved | =18.2-r1-s3 | |
| Junos OS Evolved | =18.2-r1-s4 | |
| Junos OS Evolved | =18.2-r2-s1 | |
| Junos OS Evolved | =18.2-r2-s2 | |
| Junos OS Evolved | =18.2-r2-s3 | |
| Junos OS Evolved | =18.2-r2-s4 | |
| Junos OS Evolved | =18.3 | |
| Junos OS Evolved | =18.3-r1 | |
| Junos OS Evolved | =18.3-r1-s1 | |
| Junos OS Evolved | =18.3-r1-s2 | |
| Junos OS Evolved | =18.3-r1-s3 | |
| Junos OS Evolved | =18.3-r1-s4 |
Remedy
The following software releases have been updated to resolve this specific issue: 14.1X53-D51, 14.1X53-D115, 17.1R3, 17.2R3-S2, 17.3R3-S3, 17.4R2-S5, 17.4R3, 18.1R3-S1, 18.2R2, 18.3R2, 18.4R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-0048?
CVE-2019-0048 has a medium severity rating due to its potential impact on network performance and multicast traffic filtering.
How do I fix CVE-2019-0048?
To mitigate CVE-2019-0048, it is recommended to update your Juniper EX4300 Series switches to a fixed version of the Junos OS.
What affects the vulnerability CVE-2019-0048?
CVE-2019-0048 affects EX4300 Series switches running Junos versions 14.1x53 and specific 17.x and 18.x releases.
Is CVE-2019-0048 exploitable remotely?
Yes, CVE-2019-0048 can be exploited remotely by sending specially crafted multicast traffic.
Who is impacted by CVE-2019-0048?
Organizations using impacted Juniper EX4300 Series switches with the specified versions of Junos OS are vulnerable to CVE-2019-0048.
- agent/type
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/junos os evolved
- version/junos os evolved/14.1x53
- version/junos os evolved/14.1x53-d10
- version/junos os evolved/14.1x53-d15
- version/junos os evolved/14.1x53-d16
- version/junos os evolved/14.1x53-d25
- version/junos os evolved/14.1x53-d26
- version/junos os evolved/14.1x53-d27
- version/junos os evolved/14.1x53-d30
- version/junos os evolved/14.1x53-d35
- version/junos os evolved/14.1x53-d40
- version/junos os evolved/14.1x53-d45
- version/junos os evolved/14.1x53-d48
- version/junos os evolved/14.1x53-d49
- canonical/juniper ex4300-24p
- canonical/juniper ex4300
- canonical/juniper ex4300-24t-s
- canonical/juniper ex4300-32f-s
- canonical/juniper ex4300-48mp
- canonical/juniper ex4300-48mp-s
- canonical/juniper ex4300-48p
- canonical/juniper ex4300-48t-afi
- canonical/juniper ex4300-48tafi
- canonical/juniper ex4300-48tdc
- canonical/juniper ex4300-48tdc-afi
- canonical/juniper ex4300-48t-s
- canonical/juniper ex4300 multigigabit
- canonical/juniper ex4300-48t-dc-afi
- version/junos os evolved/17.1
- version/junos os evolved/17.1-r1
- version/junos os evolved/17.1-r2-s1
- version/junos os evolved/17.1-r2-s10
- version/junos os evolved/17.1-r2-s2
- version/junos os evolved/17.1-r2-s3
- version/junos os evolved/17.1-r2-s4
- version/junos os evolved/17.1-r2-s5
- version/junos os evolved/17.1-r2-s6
- version/junos os evolved/17.1-r2-s7
- version/junos os evolved/17.2
- version/junos os evolved/17.2-r1
- version/junos os evolved/17.2-r1-s2
- version/junos os evolved/17.2-r1-s4
- version/junos os evolved/17.2-r1-s7
- version/junos os evolved/17.2-r2
- version/junos os evolved/17.2-r2-s6
- version/junos os evolved/17.2-r2-s7
- version/junos os evolved/17.2-r3-s1
- version/junos os evolved/17.3
- version/junos os evolved/17.3-r1
- version/junos os evolved/17.3-r2
- version/junos os evolved/17.3-r2-s1
- version/junos os evolved/17.3-r2-s2
- version/junos os evolved/17.3-r3-s1
- version/junos os evolved/17.3-r3-s2
- version/junos os evolved/17.4
- version/junos os evolved/17.4-r1
- version/junos os evolved/17.4-r1-s1
- version/junos os evolved/17.4-r1-s2
- version/junos os evolved/17.4-r1-s4
- version/junos os evolved/17.4-r2
- version/junos os evolved/17.4-r2-s1
- version/junos os evolved/17.4-r2-s2
- version/junos os evolved/17.4-r2-s3
- version/junos os evolved/17.4-r2-s4
- version/junos os evolved/18.1
- version/junos os evolved/18.1-r1
- version/junos os evolved/18.1-r2
- version/junos os evolved/18.1-r2-s1
- version/junos os evolved/18.1-r2-s2
- version/junos os evolved/18.2
- version/junos os evolved/18.2-r1
- version/junos os evolved/18.2-r1-s3
- version/junos os evolved/18.2-r1-s4
- version/junos os evolved/18.2-r2-s1
- version/junos os evolved/18.2-r2-s2
- version/junos os evolved/18.2-r2-s3
- version/junos os evolved/18.2-r2-s4
- version/junos os evolved/18.3
- version/junos os evolved/18.3-r1
- version/junos os evolved/18.3-r1-s1
- version/junos os evolved/18.3-r1-s2
- version/junos os evolved/18.3-r1-s3
- version/junos os evolved/18.3-r1-s4