{"containers": {"cna": {"affected": [{"platforms": ["vMX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "15.1F5", "status": "affected", "version": "15.1", "versionType": "custom"}]}], "datePublic": "2019-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-16T10:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA10903"}, {"name": "106564", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106564"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 15.1F5, and all subsequent releases."}], "source": {"advisory": "JSA10903", "defect": ["1140895"], "discovery": "INTERNAL"}, "title": "Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability", "workarounds": [{"lang": "en", "value": "When used in whole, the following workaround methods may reduce the risk of information exfiltration from the customer environment, and reduce the chance of being subjected to, or propagating D/DoS attacks against other targets.\n\nDeny incoming packets with invalid source addresses From reaching the device.\nUtilize egress filtering to prevent invalid / spoofed packets from leaving your network(s).\nEnable stateful firewall filters where possible.\nUtilize SYN-based anti-flood protection mechanisms where possible to reduce or avoid D/DoS attacks."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2019-01-09T17:00:00.000Z", "ID": "CVE-2019-0007", "STATE": "PUBLIC", "TITLE": "Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"affected": "<", "platform": "vMX Series", "version_affected": "<", "version_name": "15.1", "version_value": "15.1F5"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA10903", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10903"}, {"name": "106564", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106564"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 15.1F5, and all subsequent releases."}], "source": {"advisory": "JSA10903", "defect": ["1140895"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "When used in whole, the following workaround methods may reduce the risk of information exfiltration from the customer environment, and reduce the chance of being subjected to, or propagating D/DoS attacks against other targets.\n\nDeny incoming packets with invalid source addresses From reaching the device.\nUtilize egress filtering to prevent invalid / spoofed packets from leaving your network(s).\nEnable stateful firewall filters where possible.\nUtilize SYN-based anti-flood protection mechanisms where possible to reduce or avoid D/DoS attacks."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.191Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA10903"}, {"name": "106564", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106564"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2019-0007", "datePublished": "2019-01-15T21:00:00Z", "dateReserved": "2018-10-11T00:00:00", "dateUpdated": "2024-09-16T16:22:59.350Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD0952C4-FFCC-4A78-ADFC-289BD6E269DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*", "matchCriteriaId": "C56F5C48-BA48-4EE1-88BE-782B3CFB3B90", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*", "matchCriteriaId": "1C56E6C3-BBB6-4853-91D9-99C7676D0CD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*", "matchCriteriaId": "0E0ECBD8-3D66-49DA-A557-5695159F0C06", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*", "matchCriteriaId": "0EAA2998-A0D6-4818-9E7C-25E8099403E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*", "matchCriteriaId": "2D4ADFC5-D4B8-4A68-95D8-8ADF92C1CFE8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*", "matchCriteriaId": "52699E2B-450A-431C-81E3-DC4483C8B4F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*", "matchCriteriaId": "F72C850A-0530-4DB7-A553-7E19F82122B5", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FE2089C-F341-4DC1-B76D-633BC699306D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*", "matchCriteriaId": "27175D9A-CA2C-4218-8042-835E25DFCA43", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*", "matchCriteriaId": "00C7FC57-8ACF-45AA-A227-7E3B350FD24F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*", "matchCriteriaId": "2754C2DF-DF6E-4109-9463-38B4E0465B77", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4A26704-A6A4-4C4F-9E12-A0A0259491EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*", "matchCriteriaId": "C982A2FF-A1F9-4830-BAB6-77CFCE1F093F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*", "matchCriteriaId": "104858BD-D31D-40E0-8524-2EC311F10EAC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B557965-0040-4048-B56C-F564FF28635B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB875EBD-A3CD-4466-B2A3-39D47FF94592", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5E08E1E-0FE4-4294-9497-BBFFECA2A220", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:vmx:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C4940BB-3715-4FAD-89FE-D876F957A098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series."}, {"lang": "es", "value": "El software de la serie vMX emplea un n\u00famero de secuencia IP ID predecible. Esto deja el sistema y a los clientes que se conectan a trav\u00e9s del dispositivo vulnerables a una familia de ataques que depende del uso de n\u00fameros de secuencia IP ID como su m\u00e9todo de ataque b\u00e1sico. Se encontr\u00f3 el problema durante un an\u00e1lisis de seguridad interno del producto. Las versiones afectadas son Juniper Networks Junos OS: versiones 15.1 anteriores a la 15.1F5 en la serie NFX."}], "id": "CVE-2019-0007", "lastModified": "2024-11-21T04:16:02.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-15T21:29:01.087", "references": [{"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106564"}, {"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA10903"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106564"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA10903"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}