Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

EX4300 Series: When a firewall filter is applied to a loopback interface, other firewall filters for multicast traffic may fail

Disclosure Date: July 11, 2019
CVE-2019-0048 CVSS v3 Base Score: 5.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic. The command ‘show firewall filter’ can be used to confirm whether the filter is working. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D51, 14.1X53-D115 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3-S2 on EX4300 Series; 17.3 versions prior to 17.3R3-S3 on EX4300 Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on EX4300 Series; 18.1 versions prior to 18.1R3-S1 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series; 18.3 versions prior to 18.3R2 on EX4300 Series.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.8 Medium
Impact Score:
1.4
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
None
Integrity (I):
Low
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Junos OS 14.1X53 versions prior to 14.1X53-D51 and 14.1X53-D115 on EX4300 Series
Junos OS 17.1 versions prior to 17.1R3 on EX4300 Series
Junos OS 17.2 versions prior to 17.2R3-S2 on EX4300 Series
Junos OS 17.3 versions prior to 17.3R3-S3 on EX4300 Series
Junos OS 17.4 versions prior to 17.4R2-S5 and 17.4R3 on EX4300 Series
Junos OS 18.1 versions prior to 18.1R3-S1 on EX4300 Series
Junos OS 18.2 versions prior to 18.2R2 on EX4300 Series
Junos OS 18.3 versions prior to 18.3R2 on EX4300 Series
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • juniper

Products

  • junos 14.1x53,
  • junos 17.1,
  • junos 17.2,
  • junos 17.3,
  • junos 17.4,
  • junos 18.1,
  • junos 18.2,
  • junos 18.3

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis