Knowledge Search


×
 

2019-01 Security Bulletin: Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability (CVE-2019-0007)

  [JSA10903] Show Article Properties


Product Affected:
This issue affects Junos OS 15.1. Affected platforms: vMX Series.
Problem:

The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack.

This issue was found during internal product security testing.

Affected releases are Juniper Networks Junos OS:

  • 15.1 versions prior to 15.1F5 on vMX Series.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2019-0007.

Solution:

The following software releases have been updated to resolve this specific issue: 15.1F5, and all subsequent releases.

This issue is being tracked as PR 1140895 which is visible on the Customer Support website.

Note: Juniper SIRT's policy is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL).

Workaround:

When used in whole, the following workaround methods may reduce the risk of information exfiltration from the customer environment, and reduce the chance of being subjected to, or propagating D/DoS attacks against other targets.

Deny incoming packets with invalid source addresses From reaching the device.

Utilize egress filtering to prevent invalid / spoofed packets from leaving your network(s).

Enable stateful firewall filters where possible.

Utilize SYN-based anti-flood protection mechanisms where possible to reduce or avoid D/DoS attacks.

Implementation:
Software Releases, patches and updates are available at https://www.juniper.net/support/downloads/.
Modification History:
2019-01-09: Initial Publication.
Related Links:
CVSS Score:
9.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H)
Risk Level:
Critical
Risk Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."