CVE-2019-0063 : Security Advisory and Response

This article covers CVE-2019-0063, a vulnerability in Juniper Networks' Junos OS affecting MX Series devices: its impact, the affected versions, and the mitigation steps.

Understanding CVE-2019-0063

What is CVE-2019-0063?

CVE-2019-0063 is a vulnerability in Juniper Networks' Junos OS that can lead to a Denial of Service (DoS) condition on MX Series devices when specific manipulated DHCP response messages are received.

The Impact of CVE-2019-0063

The vulnerability can cause the jdhcpd daemon to crash repeatedly, resulting in a prolonged DoS situation. However, Juniper SIRT has not detected any malicious exploitation of this vulnerability.

Technical Details of CVE-2019-0063

Vulnerability Description

When a Broadband Remote Access Server (BRAS) in the MX Series is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd may crash upon receiving specific manipulated DHCP response messages on a subscriber interface.

Affected Systems and Versions

Affected Versions: Junos OS versions prior to 15.1R7-S5, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R3-S2, 17.3R3-S6, 17.4R2-S5, 17.4R3, 18.1R3-S6, 18.2R2-S4, 18.2R3, 18.2X75-D50, 18.3R1-S5, 18.3R3, 18.4R2, 19.1R1-S2, 19.1R2.

Exploitation Mechanism

Attack Complexity: Low
Attack Vector: Adjacent Network
Availability Impact: High
CVSS Base Score: 6.5 (Medium)

Mitigation and Prevention

Immediate Steps to Take

Update to the following software releases: 15.1R7-S5, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R3-S2, 17.3R3-S6, 17.4R2-S5, 17.4R3, 18.1R3-S6, 18.2R2-S4, 18.2R3, 18.2X75-D50, 18.3R1-S5, 18.3R3, 18.4R2, 19.1R1-S2, 19.1R2, 19.2R1, and all subsequent releases.
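One way to check a device inventory against the fixed releases listed above, as an added example (not Juniper's or this page's code). It assumes a listed fix also covers later service releases on the same R number and any R number above the highest one listed for that train, and it treats a train with no listed fix as unfixed unless its branch is newer than 19.2; the hostnames are constructed.

```python
import re

# Fixed releases as listed on this page (19.2R1 appears only in the update list).
FIXED = ("15.1R7-S5 16.1R7-S5 16.2R2-S10 17.1R3-S1 17.2R3-S2 17.3R3-S6 "
         "17.4R2-S5 17.4R3 18.1R3-S6 18.2R2-S4 18.2R3 18.2X75-D50 "
         "18.3R1-S5 18.3R3 18.4R2 19.1R1-S2 19.1R2 19.2R1").split()

# Matches e.g. 17.4R2-S5, 18.4R1.8 (build suffix ignored), 18.2X75-D50.
_VER = re.compile(r"^(\d+)\.(\d+)(R|X\d+-D)(\d+)(?:-S(\d+))?")


def parse(version):
    """Return (branch, train, release, service), e.g. ((17, 4), 'R', 2, 5)."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, kind, rel, svc = m.groups()
    train = "R" if kind == "R" else kind[:-2]   # "X75-D" -> "X75"
    return (int(major), int(minor)), train, int(rel), int(svc or 0)


def is_fixed(version):
    """True if the version is at or past a listed fix (assumed semantics)."""
    branch, train, rel, svc = parse(version)
    parsed = [parse(f) for f in FIXED]
    fixes = [(r, s) for b, t, r, s in parsed if (b, t) == (branch, train)]
    if not fixes:
        # Assumption: an unlisted train is fixed only on a branch newer than
        # the newest listed one ("all subsequent releases").
        return branch > max(b for b, _, _, _ in parsed)
    if rel > max(r for r, _ in fixes):
        return True
    # Same R (or X-train D) number: need at least the listed service release.
    return any(rel == r and svc >= s for r, s in fixes)


def audit(inventory):
    """Return the sorted hostnames whose version still needs the update."""
    return sorted(h for h, v in inventory.items() if not is_fixed(v))


if __name__ == "__main__":
    # Constructed inventory; hostnames are hypothetical.
    sample = {"mx-bng-01": "17.4R2-S4", "mx-bng-02": "17.4R2-S7.1",
              "mx-bng-03": "18.3R2", "mx-bng-04": "18.2X75-D50",
              "mx-bng-05": "19.3R1"}
    print(audit(sample))
```

The check covers the software version only; whether a device is exposed also depends on it being configured as a BNG with DHCPv6 enabled, as described in the vulnerability description.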

Long-Term Security Practices

Regularly update Junos OS to the latest versions to ensure protection against known vulnerabilities.

Patching and Updates

Apply the provided software releases to address and resolve the vulnerability.
