CVE-2019-0003

Description

When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400.

Risk Information

Base Score

5.9

MODERATE

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.54

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are fixed in junos 12.1x46-d77	NCM
Multiple Vulnerabilities are fixed in junos 12.3r12-s10	NCM
Multiple Vulnerabilities are fixed in junos 14.1X53-D47	NCM
Vulnerabilities CVE-2019-0003 are fixed in junos 15.1f3	NCM
Reachable Assertion Vulnerability (CVE-2019-0003)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1704488	Security Update for junos 9.2r1
PATCH-1704488	Security Update for junos 9.2r1
PATCH-1704488	Security Update for junos 9.2r1
PATCH-1704488	Security Update for junos 9.2r1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234