CVE-2019-0003 : Security Advisory and Response

Learn about CVE-2019-0003, a vulnerability in Juniper Networks Junos OS that causes the routing protocol daemon process to crash due to a specific BGP flowspec configuration. Find out the impacted systems, exploitation details, and mitigation steps.

Enabling a specific BGP flowspec configuration can lead to a reachable assertion failure, causing the routing protocol daemon process to crash. This vulnerability affects various Juniper Networks Junos OS versions.

Understanding CVE-2019-0003

This CVE involves a specific BGP flowspec configuration that triggers a crash in the routing protocol daemon process when a matching BGP packet is received.

What is CVE-2019-0003?

CVE-2019-0003 is a vulnerability in Juniper Networks Junos OS that results in a crash of the routing protocol daemon process due to a specific BGP flowspec configuration.

The Impact of CVE-2019-0003

The vulnerability can lead to a denial of service as the routing protocol daemon process crashes, impacting network availability.

Technical Details of CVE-2019-0003

This section provides detailed technical information about the vulnerability.

Vulnerability Description

When a specific BGP flowspec configuration is enabled and a BGP packet matching a particular term in that configuration is received, a reachable assertion failure occurs, causing the routing protocol daemon process to crash.

Affected Systems and Versions

        Junos OS 12.1X46 versions earlier than 12.1X46-D77 on SRX Series
        Junos OS 12.3 versions earlier than 12.3R12-S10
        Junos OS 12.3X48 versions earlier than 12.3X48-D70 on SRX Series
        Junos OS 14.1X53 versions earlier than 14.1X53-D47 on various platforms
        Junos OS 15.1 versions earlier than 15.1R3
        Junos OS 15.1F versions earlier than 15.1F3
        Junos OS 15.1X49 versions earlier than 15.1X49-D140 on SRX Series
        Junos OS 15.1X53 versions earlier than 15.1X53-D59 on EX2300/EX3400

Exploitation Mechanism

The vulnerability is triggered when a specific BGP packet matches a particular term in the flowspec configuration, leading to a crash in the routing protocol daemon process.

Mitigation and Prevention

To address CVE-2019-0003, follow these mitigation steps:

Immediate Steps to Take

        Disable BGP flowspec to prevent the vulnerability from being exploited.

Long-Term Security Practices

        Regularly update Junos OS to the patched versions to ensure the vulnerability is resolved.

Patching and Updates

        Update to the following software releases: 12.1X46-D77, 12.3R12-S10, 12.3X48-D70, 14.1X53-D47, 15.1F3, 15.1R3, 15.1X49-D140, 15.1X53-D59, 16.1R1, and all subsequent releases.
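
The affected and fixed releases listed above can be turned into an inventory check. This is an added example, not code from Juniper or from this page; the function name `status`, the result labels and the sample hostnames are assumptions of the example. Platform qualifiers (SRX Series, EX2300/EX3400) are not checked, so a train match is reported regardless of hardware.

```python
import re

# Fixed release per train, copied from the advisory text above.
# Value: (R/F/D number, service-release number).
FIXED = {
    "12.1X46": (77, 0),   # 12.1X46-D77 (SRX Series)
    "12.3": (12, 10),     # 12.3R12-S10
    "12.3X48": (70, 0),   # 12.3X48-D70 (SRX Series)
    "14.1X53": (47, 0),   # 14.1X53-D47
    "15.1": (3, 0),       # 15.1R3
    "15.1F": (3, 0),      # 15.1F3
    "15.1X49": (140, 0),  # 15.1X49-D140 (SRX Series)
    "15.1X53": (59, 0),   # 15.1X53-D59 (EX2300/EX3400)
}

# major.minor, then R<n>, F<n> or X<nn>-D<n>, optional -S<n>, optional .build
_VER = re.compile(r"^(\d+)\.(\d+)(R|F|X\d+-D)(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def status(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    m = _VER.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, kind, num, spin = m.groups()
    # The advisory names 16.1R1 and all subsequent releases as fixed.
    if kind == "R" and (int(major), int(minor)) >= (16, 1):
        return "fixed"
    train = f"{major}.{minor}"
    if kind != "R":
        train += kind.split("-")[0]  # "F" or e.g. "X46"
    if train not in FIXED:
        return "not-listed"  # this page lists no fixed release for the train
    # Assumption: within a train, a higher number means a later release.
    rank = (int(num), int(spin or 0))
    return "fixed" if rank >= FIXED[train] else "affected"


if __name__ == "__main__":
    # Constructed inventory, not taken from any real network.
    inventory = {"edge-1": "12.3R12-S9", "fw-1": "15.1X49-D140.2", "core-1": "14.2R8"}
    for host, ver in sorted(inventory.items()):
        print(f"{host:8} {ver:16} {status(ver)}")
```

A `not-listed` result means the train does not appear in the lists above and needs a manual check against the vendor advisory.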
