November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – Red Hat Update for flash-plugin – Information Disclosure Vulnerabilities
April 11, 2019Rewterz Threat Advisory – Juniper SRX Series Proxy ARP Denial of Service Vulnerability
April 11, 2019Rewterz Threat Advisory – Red Hat Update for flash-plugin – Information Disclosure Vulnerabilities
April 11, 2019Rewterz Threat Advisory – Juniper SRX Series Proxy ARP Denial of Service Vulnerability
April 11, 2019
Severity
Medium
Analysis Summary
CVE-2019-0036
When configuring a stateless firewall filter in Junos OS, terms named using the format “internal-n” (e.g. “internal-1”, “internal-2”, etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results.
Impact
Security Bypass
Affected Vendors
Juniper
Affected Products
- Juniper Junos OS 12.12.3 and prior
- Juniper Junos OS 14.14.1X53 prior to 14.1X53-D130 and 14.1X53-D49
- Juniper Junos OS 15.15.1 prior to 15.1F6-S12 and 15.1R7-S4
- 15.1X49 prior to 15.1X49-D161 and 15.1X49-D170
- and 15.1X53 prior to 15.1X53-D236
- 15.1X53-D496 and 15.1X53-D69.
Remediation
Update or upgrade to version
14.1X53-D130, 14.1X53-D49, 15.1F6-S12, 15.1R7-S4, 15.1X49-D161, 15.1X49-D170, 15.1X53-D236, 15.1X53-D496, or 15.1X53-D69.