cvelistv5 - cve-2019-5599

CVE-2019-5599 (GCVE-0-2019-5599)

Vulnerability from cvelistv5

Published

2019-07-02 20:02

Modified

2024-08-04 20:01

Severity ?

CWE

Kernel resource exhaustion in network stack

Summary

In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service.

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2019/06/17/5	mailing-list, x_refsource_MLIST
	https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md	x_refsource_MISC
	http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html	x_refsource_MISC
	https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc	vendor-advisory, x_refsource_FREEBSD
	https://www.kb.cert.org/vuls/id/905115	third-party-advisory, x_refsource_CERT-VN
	https://seclists.org/bugtraq/2019/Jun/27	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html	x_refsource_MISC
	https://support.f5.com/csp/article/K75521003	x_refsource_MISC
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20190625-0004/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	FreeBSD	Version: FreeBSD 12.0 before 12.0-RELEASE-p6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:51.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20190617 Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/17/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html"
          },
          {
            "name": "FreeBSD-SA-19:08",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc"
          },
          {
            "name": "VU#905115",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/905115"
          },
          {
            "name": "20190624 FreeBSD Security Advisory FreeBSD-SA-19:08.rack",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/27"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K75521003"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190625-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeBSD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "FreeBSD 12.0 before 12.0-RELEASE-p6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Kernel resource exhaustion in network stack",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-02T20:09:11.000Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "name": "[oss-security] 20190617 Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/17/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html"
        },
        {
          "name": "FreeBSD-SA-19:08",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc"
        },
        {
          "name": "VU#905115",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/905115"
        },
        {
          "name": "20190624 FreeBSD Security Advisory FreeBSD-SA-19:08.rack",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/27"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.f5.com/csp/article/K75521003"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190625-0004/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "ID": "CVE-2019-5599",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FreeBSD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FreeBSD 12.0 before 12.0-RELEASE-p6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Kernel resource exhaustion in network stack"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20190617 Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/17/5"
            },
            {
              "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md",
              "refsource": "MISC",
              "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
            },
            {
              "name": "http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html"
            },
            {
              "name": "FreeBSD-SA-19:08",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc"
            },
            {
              "name": "VU#905115",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/905115"
            },
            {
              "name": "20190624 FreeBSD Security Advisory FreeBSD-SA-19:08.rack",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/27"
            },
            {
              "name": "http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K75521003",
              "refsource": "MISC",
              "url": "https://support.f5.com/csp/article/K75521003"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193",
              "refsource": "MISC",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190625-0004/",
              "refsource": "MISC",
              "url": "https://security.netapp.com/advisory/ntap-20190625-0004/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2019-5599",
    "datePublished": "2019-07-02T20:02:17.000Z",
    "dateReserved": "2019-01-07T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:01:51.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2019-AVI-298

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Traps versions antérieures à 5.0.5
Palo Alto Networks	PAN-OS	PAN-OS versions 8.0.x antérieures à 8.0.19
Palo Alto Networks	PAN-OS	PAN-OS versions antérieures à 7.1.24
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.8-h5
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x antérieures à 9.0.2-h4
Palo Alto Networks	N/A	MineMeld versions antérieures à 0.9.62

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto 153 du 27 juin 2019	None	vendor-advisory
Bulletin de sécurité Palo Alto 151 du 27 juin 2019	None	vendor-advisory
Bulletin de sécurité Palo Alto 152 du 27 juin 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Traps versions ant\u00e9rieures \u00e0 5.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.0.x ant\u00e9rieures \u00e0 8.0.19",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions ant\u00e9rieures \u00e0 7.1.24",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.8-h5",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x ant\u00e9rieures \u00e0 9.0.2-h4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "MineMeld versions ant\u00e9rieures \u00e0 0.9.62",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1577"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2019-5599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5599"
    },
    {
      "name": "CVE-2019-1578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1578"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    }
  ],
  "initial_release_date": "2019-06-28T00:00:00",
  "last_revision_date": "2019-06-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-298",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-06-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une injection de\ncode indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto 153 du 27 juin 2019",
      "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/153"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto 151 du 27 juin 2019",
      "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/151"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto 152 du 27 juin 2019",
      "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/152"
    }
  ]
}

CERTFR-2020-AVI-645

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS NFX Series versions antérieures à 20.2R1
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S16, 12.3X48-D105, 14.1X53-D53, 15.1R7-S8, 15.1X49-D220, 15.1X53-D593, 16.1R7-S8, 16.2R2-S11, 17.1R2-S11, 17.2R3-S4, 17.2X75-D45, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S10, 18.2R2-S7, 18.2R3S6, 18.2X75-D435, 18.3R1-S7, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1
Juniper Networks	Secure Analytics	Juniper Secure Analytics versions antérieures à 7.4.0
Juniper Networks	N/A	Juniper Networks Junos Space et Junos Space Security Director versions antérieures à 20.2R1
Juniper Networks	Junos OS	Junos OS MX series et EX9200 Series versions antérieures à 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2
Juniper Networks	Networks Junos OS Evolved	Juniper Networks Junos OS Evolved versions antérieures à 20.1R2-EVO
Juniper Networks	Junos OS	Junos OS NFX150, SRX1500, SRX4100, SRX4200, vSRX versions antérieures à 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3
Juniper Networks	Junos OS	Junos OS SRX Series versions antérieures à 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2
Juniper Networks	Junos OS	Junos OS MX Series versions antérieures à 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11055 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11050 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11079 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11053 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11059 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11049 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11046 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11048 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11057 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11054 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11062 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11056 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11045 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11058 du 14 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11047 du 14 octobre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS NFX Series versions ant\u00e9rieures \u00e0 20.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S16, 12.3X48-D105, 14.1X53-D53, 15.1R7-S8, 15.1X49-D220, 15.1X53-D593, 16.1R7-S8, 16.2R2-S11, 17.1R2-S11, 17.2R3-S4, 17.2X75-D45, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S10, 18.2R2-S7, 18.2R3S6, 18.2X75-D435, 18.3R1-S7, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.2R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS MX series et EX9200 Series versions ant\u00e9rieures \u00e0 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.1R2-EVO",
      "product": {
        "name": "Networks Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS NFX150, SRX1500, SRX4100, SRX4200, vSRX versions ant\u00e9rieures \u00e0 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS SRX Series versions ant\u00e9rieures \u00e0 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS MX Series versions ant\u00e9rieures \u00e0 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-1661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1661"
    },
    {
      "name": "CVE-2020-7450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7450"
    },
    {
      "name": "CVE-2015-3416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
    },
    {
      "name": "CVE-2019-15875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15875"
    },
    {
      "name": "CVE-2015-3415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2008-6592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6592"
    },
    {
      "name": "CVE-2019-9936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
    },
    {
      "name": "CVE-2020-1657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1657"
    },
    {
      "name": "CVE-2020-1682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1682"
    },
    {
      "name": "CVE-2019-5599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5599"
    },
    {
      "name": "CVE-2013-7443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7443"
    },
    {
      "name": "CVE-2018-8740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
    },
    {
      "name": "CVE-2015-6607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6607"
    },
    {
      "name": "CVE-2018-20506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20506"
    },
    {
      "name": "CVE-2018-20346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20346"
    },
    {
      "name": "CVE-2015-5895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5895"
    },
    {
      "name": "CVE-2015-3414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
    },
    {
      "name": "CVE-2019-11135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
    },
    {
      "name": "CVE-2020-10188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10188"
    },
    {
      "name": "CVE-2019-8457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
    },
    {
      "name": "CVE-2017-13685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13685"
    },
    {
      "name": "CVE-2019-5018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5018"
    },
    {
      "name": "CVE-2008-6589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6589"
    },
    {
      "name": "CVE-2020-1656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1656"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2020-1665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1665"
    },
    {
      "name": "CVE-2016-6153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6153"
    },
    {
      "name": "CVE-2015-3717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3717"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    },
    {
      "name": "CVE-2017-15286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15286"
    },
    {
      "name": "CVE-2020-1660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1660"
    },
    {
      "name": "CVE-2019-6593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6593"
    },
    {
      "name": "CVE-2008-6593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6593"
    },
    {
      "name": "CVE-2019-16168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
    },
    {
      "name": "CVE-2008-6590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6590"
    },
    {
      "name": "CVE-2019-5610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5610"
    },
    {
      "name": "CVE-2019-9937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
    },
    {
      "name": "CVE-2017-10989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
    },
    {
      "name": "CVE-2020-1662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1662"
    },
    {
      "name": "CVE-2018-20505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20505"
    }
  ],
  "initial_release_date": "2020-10-15T00:00:00",
  "last_revision_date": "2020-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-645",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11055 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11055\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11050 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11050\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11079 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11079\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11053 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11053\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11059 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11059\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11049 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11049\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11046 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11046\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11048 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11048\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11057 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11057\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11054 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11054\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11062 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11062\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11056 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11056\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11045 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11045\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11058 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11058\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11047 du 14 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11047\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-5599 (GCVE-0-2019-5599)

Vulnerability from cvelistv5

CERTFR-2019-AVI-298

Vulnerability from certfr_avis

Solution

CERTFR-2020-AVI-645

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature