Published: 15/01/2019 Updated: 07/11/2023

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 632

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions before 16.1R7-S1; 16.2 versions before 16.2R2-S7; 17.1 versions before 17.1R2-S10, 17.1R3; 17.2 versions before 17.2R3; 17.3 versions before 17.3R3-S1; 17.4 versions before 17.4R2; 18.1 versions before 18.1R3; 18.2 versions before 18.2R2.

Vulnerable Product	Search on Vulmon	Subscribe to Product
juniper junos 16.1
juniper junos 16.2
juniper junos 17.1
juniper junos 17.2
juniper junos 17.3
juniper junos 17.4
juniper junos 18.2
fedoraproject fedora 30
fedoraproject fedora 31

Before you slink off to the pub, be sure to patch these 19 serious vulns in Juniper Networks kit

The Register • Richard Chirgwin • 10 Jan 2019

Happy New Year from the Gin Palace

Juniper Networks has had its first big bug day in months, with 19 patches announced covering everything from third-party package catchups to critical errors in password handling. For the sake of organisation, let's pick up patches in the Junos OS first (there being so many patches, The Register will focus on those rated "High" and "Critical"). First on the critical list is CVE-2019-0006, which affects Junos OS 14.1X53, 15.1, and 15.1X53 running on EX, QFX and MX units. A crafted HTTP packet can ...

CVE-2019-0001

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect