CVE-2019-0065 : What You Need to Know

Discover the impact of CVE-2019-0065, a Denial of Service vulnerability in Juniper Networks Junos OS on MX Series. Learn about affected systems, exploitation risks, and mitigation steps.

On MX Series with the SIP ALG enabled, the MS-PIC component on MS-MIC or MS-MPC may crash upon receiving a specific malformed SIP packet, resulting in a Denial of Service.

Understanding CVE-2019-0065

This CVE involves a Denial of Service vulnerability in the MS-PIC component on MS-MIC or MS-MPC devices within Juniper Networks Junos OS on MX Series.

What is CVE-2019-0065?

When the SIP ALG is enabled on MX Series devices, a specially crafted SIP packet can crash the MS-PIC component on MS-MIC or MS-MPC, leading to a sustained Denial of Service.

The Impact of CVE-2019-0065

        Attack Complexity: Low
        Attack Vector: Network
        Base Score: 5.3 (Medium)
        Availability Impact: Low
        No impact on Confidentiality or Integrity
        No privileges required
        Scope: Unchanged
        No user interaction required

Technical Details of CVE-2019-0065

This section provides more in-depth technical information about the vulnerability.

Vulnerability Description

        With SIP ALG enabled on MX Series, a specific malformed SIP packet can crash MS-PIC on MS-MIC/MS-MPC.

Affected Systems and Versions

        Affected Platform: MX Series
        Affected Versions: 16.1 to 18.4 of Junos OS

Exploitation Mechanism

        Attackers can exploit this vulnerability by sending carefully crafted SIP packets to repeatedly crash the MS-PIC component.

Mitigation and Prevention

Learn how to mitigate and prevent the CVE-2019-0065 vulnerability.

Immediate Steps to Take

        If SIP ALG is not required, disable it to prevent exploitation.

Long-Term Security Practices

        Regularly update Junos OS to the patched versions.

Patching and Updates

        Update to the following software releases: 16.1R7-S5, 16.2R2-S11, 17.1R3, 17.2R3-S3, 17.3R3-S6, 17.4R2-S8, 17.4R3, 18.1R3-S3, 18.2R3, 18.3R2, 18.4R2, 19.1R1, and subsequent releases.
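A version check against the fixed-release list above, as an added example (not code from this page or from Juniper). It assumes release strings of the form `<major>.<minor>R<n>[-S<m>]` with an optional build suffix, and that "subsequent releases" covers later service releases, later R releases in the same train, and later trains; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed releases copied from the "Patching and Updates" list on this page.
FIXED = ["16.1R7-S5", "16.2R2-S11", "17.1R3", "17.2R3-S3", "17.3R3-S6",
         "17.4R2-S8", "17.4R3", "18.1R3-S3", "18.2R3", "18.3R2", "18.4R2",
         "19.1R1"]
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Return ((major, minor), (R, S)), or None for formats not handled here."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    major, minor, r, s = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (r, s)


# Group the listed fixes by release train, e.g. (17, 4) -> [(2, 8), (3, 0)].
TRAINS = {}
for rel in FIXED:
    train, rs = parse(rel)
    TRAINS.setdefault(train, []).append(rs)
LAST = max(TRAINS)  # newest train named in the list: (19, 1)


def is_fixed(version):
    """True: at or past a listed fix. False: earlier. None: not covered by the list."""
    parsed = parse(version)
    if parsed is None:
        return None
    train, (r, s) = parsed
    if train > LAST:
        return True   # assumption: "subsequent releases" includes later trains
    if train not in TRAINS:
        return None   # train older than 16.1: the page says nothing about it
    # Newest listed fix whose R number does not exceed this release's R number.
    base = sorted(f for f in TRAINS[train] if f[0] <= r)
    if not base:
        return False
    fr, fs = base[-1]
    return r > fr or s >= fs


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    for host, ver in [("mx-edge-1", "17.4R2-S7"), ("mx-edge-2", "18.2R3.4")]:
        print(host, ver, "fixed" if is_fixed(ver) else "needs review")
```

The check is version-only: a `False` result matters for this CVE only on MX Series devices with MS-MIC or MS-MPC where the SIP ALG is enabled.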
