CVE-2019-0067 MEDIUM

CVE-2019-0067: Junos OS: Kernel crash (vmcore) upon receipt of a specific link-local IPv6 packet on devices configured with Multi-Chassis Link Aggregation Group (MC-LAG)

Vendor Juniper Networks
Product Junos OS
Published October 9, 2019
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3. This issue does not affect Juniper Networks Junos OS version 15.1 and prior versions.

Key dates

02Disclosure timeline

October 9, 2019 CVE published
September 16, 2024 Record updated