ID

VAR-201901-1634


CVE

CVE-2019-0015


TITLE

Junos OS Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001744

DESCRIPTION

A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. Junos OS contains an authentication vulnerability. Information may be obtained and information may be altered. Juniper Junos is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Juniper SRX Series is a series of firewall devices from Juniper Networks. Junos OS is a set of operating systems running on it. Service Gateway is one of the service gateways. A security vulnerability exists in Service Gateway in Junos OS on Juniper SRX Series

Trust: 1.98

sources: NVD: CVE-2019-0015 // JVNDB: JVNDB-2019-001744 // BID: 106668 // VULHUB: VHN-140046

AFFECTED PRODUCTS

vendor: juniper | model: junos | scope: eq | version: 18.1

Trust: 1.3

vendor: juniper | model: junos | scope: eq | version: 17.4

Trust: 1.3

vendor: juniper | model: junos | scope: eq | version: 17.3

Trust: 1.3

vendor: juniper | model: junos | scope: eq | version: 15.1x49

Trust: 1.3

vendor: juniper | model: junos | scope: eq | version: 12.3x48

Trust: 1.3

vendor: juniper | model: junos | scope: eq | version: 18.2

Trust: 1.0

vendor: juniper | model: junos os | scope: lt | version: 17.4

Trust: 0.8

vendor: juniper | model: junos os | scope: eq | version: 17.3r3

Trust: 0.8

vendor: juniper | model: junos os | scope: eq | version: 18.1r3

Trust: 0.8

vendor: juniper | model: junos os | scope: eq | version: 18.2r2

Trust: 0.8

vendor: juniper | model: junos os | scope: eq | version: 15.1x49-d150

Trust: 0.8

vendor: juniper | model: junos os | scope: lt | version: 12.3x48

Trust: 0.8

vendor: juniper | model: junos os | scope: eq | version: 12.3x48-d75

Trust: 0.8

vendor: juniper | model: junos os | scope: lt | version: 18.2

Trust: 0.8

vendor: juniper | model: junos os | scope: eq | version: 17.4r2

Trust: 0.8

vendor: juniper | model: junos os | scope: lt | version: 18.1

Trust: 0.8

vendor: juniper | model: junos os | scope: lt | version: 17.3

Trust: 0.8

vendor: juniper | model: junos os | scope: lt | version: 15.1x49

Trust: 0.8

vendor: juniper | model: junos 18.2r1 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 18.1r2 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 18.1r1 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 17.4r1 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 17.3r2 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 17.3r1 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d90 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d80 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d70 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d60 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d40 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d35 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d30 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d20 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d140 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d131 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d130 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d120 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d110 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d101 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d100 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d10 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d70 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d66 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d60 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d55 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d51 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d50 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d45 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d40 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d35 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d30 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d25 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d20 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d15 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d10 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 18.2r2 | scope: ne | version: -

Trust: 0.3

vendor: juniper | model: junos 18.1r3 | scope: ne | version: -

Trust: 0.3

vendor: juniper | model: junos 17.4r2 | scope: ne | version: -

Trust: 0.3

vendor: juniper | model: junos 17.3r3 | scope: ne | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x49-d150 | scope: ne | version: -

Trust: 0.3

vendor: juniper | model: junos 12.3x48-d75 | scope: ne | version: -

Trust: 0.3

sources: BID: 106668 // JVNDB: JVNDB-2019-001744 // NVD: CVE-2019-0015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0015
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2019-0015
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0015
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-360
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140046
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0015
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140046
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2019-0015
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0015
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-140046 // JVNDB: JVNDB-2019-001744 // CNNVD: CNNVD-201901-360 // NVD: CVE-2019-0015 // NVD: CVE-2019-0015

PROBLEMTYPE DATA

problemtype:CWE-613

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-140046 // JVNDB: JVNDB-2019-001744 // NVD: CVE-2019-0015

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-360

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-360

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001744

PATCH

title: JSA10915 | url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10915&actp=METADATA

Trust: 0.8

title: Juniper SRX Series Junos OS Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88533

Trust: 0.6

sources: JVNDB: JVNDB-2019-001744 // CNNVD: CNNVD-201901-360

EXTERNAL IDS

db: NVD | id: CVE-2019-0015

Trust: 2.8

db: JUNIPER | id: JSA10915

Trust: 2.0

db: BID | id: 106668

Trust: 2.0

db: JVNDB | id: JVNDB-2019-001744

Trust: 0.8

db: CNNVD | id: CNNVD-201901-360

Trust: 0.7

db: VULHUB | id: VHN-140046

Trust: 0.1

sources: VULHUB: VHN-140046 // BID: 106668 // JVNDB: JVNDB-2019-001744 // CNNVD: CNNVD-201901-360 // NVD: CVE-2019-0015

REFERENCES

url:http://www.securityfocus.com/bid/106668

Trust: 2.3

url:https://kb.juniper.net/jsa10915

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0015

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-0015

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10915&actp=metadata

Trust: 0.3

sources: VULHUB: VHN-140046 // BID: 106668 // JVNDB: JVNDB-2019-001744 // CNNVD: CNNVD-201901-360 // NVD: CVE-2019-0015

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106668

SOURCES

db: VULHUB | id: VHN-140046
db: BID | id: 106668
db: JVNDB | id: JVNDB-2019-001744
db: CNNVD | id: CNNVD-201901-360
db: NVD | id: CVE-2019-0015

LAST UPDATE DATE

2024-08-14T15:18:07.491000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-140046 | date: 2020-08-24T00:00:00
db: BID | id: 106668 | date: 2019-01-09T00:00:00
db: JVNDB | id: JVNDB-2019-001744 | date: 2019-03-26T00:00:00
db: CNNVD | id: CNNVD-201901-360 | date: 2021-02-07T00:00:00
db: NVD | id: CVE-2019-0015 | date: 2021-11-09T21:22:42.533

SOURCES RELEASE DATE

db: VULHUB | id: VHN-140046 | date: 2019-01-15T00:00:00
db: BID | id: 106668 | date: 2019-01-09T00:00:00
db: JVNDB | id: JVNDB-2019-001744 | date: 2019-03-26T00:00:00
db: CNNVD | id: CNNVD-201901-360 | date: 2019-01-11T00:00:00
db: NVD | id: CVE-2019-0015 | date: 2019-01-15T21:29:01.417