A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00494.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Juniper
  • Junos
  • Srx100
  • Srx110
  • Srx1400
  • Srx210
  • Srx220
  • Srx240
  • Srx3400
  • Srx3600
  • Srx5400
  • Srx550
  • Srx5600
  • Srx5800
  • Srx650

Configuration 1 [-]

AND
OR cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2019-0840 A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series.
Fixes

Solution

The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.1X46-D73, 12.3X48-D50, 15.1X49-D75, 17.3R1, and all subsequent releases.

Workaround

Discontinue use of proxy ARP. An example configuration snippet is below: deactivate security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32 (or) delete security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32 There are no other viable workarounds for this issue.

References
Link Providers
http://www.securityfocus.com/bid/107882 cve-icon cve-icon
https://kb.juniper.net/JSA10922 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2024-09-17T01:11:20.764Z

Reserved: 2018-10-11T00:00:00

Link: CVE-2019-0033

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-04-10T20:29:00.583

Modified: 2024-11-21T04:16:05.597

Link: CVE-2019-0033

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.