A Vulnerability in Juniper Junos Could Allow for Remote Code Execution

A Vulnerability in Juniper Junos Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2019-008

DATE(S) ISSUED:

01/22/2019

OVERVIEW:

A vulnerability has been discovered in Juniper Junos, which could allow for remote code execution. The Junos operating system is a network operating system for routing, switching, and security. Successful exploitation of this vulnerability could allow an attacker to execute remote code in the context of the affected application. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Juniper Junos 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms

  • Juniper Junos 15.1 versions prior to 15.1R7-S3 all Virtual Chassis Platforms

  • Juniper Junos 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms.

RISK:

Government:

  • Large and medium government entities: HIGH

  • Small government entities: HIGH

Businesses:

  • Large and medium business entities: HIGH

  • Small business entities: HIGH

Home Users:

LOW

TECHNICAL SUMMARY:

A vulnerability has been discovered in Juniper Junos, which could allow for remote code execution. Specifically, a certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. An attacker can exploit this issue to cause the fxpc daemon to crash or may potentially lead to remote code execution.

Successful exploitation of the vulnerability could result in remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

RECOMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Juniper to vulnerable systems immediately after appropriate testing.

  • Disable all unnecessary services.

  • Restrict access to devices and applications from only authorized users and hosts.

  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

Juniper:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10906

CVE:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0006

More information
https://www.cisecurity.org/advisory/a-vulnerability-in-juniper-junos-could-allo…