What is CVE-2019-0048?

CVE-2019-0048 is a medium-severity vulnerability in Juniper Ex4300-24p, classified under Information Disclosure. CVSS score: 5.8/10. Published 2019-07-11.

How severe is CVE-2019-0048?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Information disclosure in Juniper Ex4300-24p

CVE-2019-0048

On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly…

Vulnerability class: Information Disclosure

EPSS: 0.010 (57.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.

Affected products

Juniper Ex4300-24p
Juniper Ex4300-24p-s
Juniper Ex4300-24t
Juniper Ex4300-24t-s
Juniper Ex4300-32f
Juniper Ex4300-32f-dc
Juniper Ex4300-32f-s
Juniper Ex4300-48mp
Juniper Ex4300-48mp-s
Juniper Ex4300-48p

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

sirt@juniper.net (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2019-0048?: CVE-2019-0048 is a medium-severity vulnerability in Juniper Ex4300-24p, classified under Information Disclosure. CVSS score: 5.8/10. Published 2019-07-11.
How severe is CVE-2019-0048?: Medium severity. CVSS v3 base score is 5.8 out of 10.