Sign-up

ID

VAR-201904-1497


CVE

CVE-2019-0035


TITLE

Juniper Networks Junos OS Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-003437

DESCRIPTION

When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1. Juniper Networks Junos OS Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Networks Junos OS Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.1X65, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.2X75 Version, version 18.3

Trust: 1.71

sources: NVD: CVE-2019-0035 // JVNDB: JVNDB-2019-003437 // VULHUB: VHN-140066

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2x75

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1x65

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-003437 // NVD: CVE-2019-0035

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0035
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2019-0035
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0035
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-566
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140066
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-0035
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140066
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2019-0035
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0035
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-140066 // JVNDB: JVNDB-2019-003437 // CNNVD: CNNVD-201904-566 // NVD: CVE-2019-0035 // NVD: CVE-2019-0035

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-501

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-140066 // JVNDB: JVNDB-2019-003437 // NVD: CVE-2019-0035

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-566

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003437

PATCH
title:JSA10924url:https://kb.juniper.net/JSA10924
Trust: 0.8
title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91381
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003437 // 
            
            
            
            CNNVD: CNNVD-201904-566

EXTERNAL IDS
db:NVDid:CVE-2019-0035
Trust: 2.5
db:JUNIPERid:JSA10924
Trust: 1.7
db:JVNDBid:JVNDB-2019-003437
Trust: 0.8
db:CNNVDid:CNNVD-201904-566
Trust: 0.7
db:AUSCERTid:ESB-2019.1266
Trust: 0.6
db:VULHUBid:VHN-140066
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140066 // 
            
            
            
            JVNDB: JVNDB-2019-003437 // 
            
            
            
            CNNVD: CNNVD-201904-566 // 
            
            
            
            NVD: CVE-2019-0035

REFERENCES
url:https://kb.juniper.net/jsa10924
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0035
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0035
Trust: 0.8
url:http://kb.juniper.net/infocenter/index
Trust: 0.6
url:https://vigilance.fr/vulnerability/junos-os-privilege-escalation-via-oam-volumes-password-recovery-29013
Trust: 0.6
url:https://www.auscert.org.au/bulletins/78978
Trust: 0.6
sources:
            
            
            VULHUB: VHN-140066 // 
            
            
            
            JVNDB: JVNDB-2019-003437 // 
            
            
            
            CNNVD: CNNVD-201904-566 // 
            
            
            
            NVD: CVE-2019-0035

SOURCES
db:VULHUBid:VHN-140066
db:JVNDBid:JVNDB-2019-003437
db:CNNVDid:CNNVD-201904-566
db:NVDid:CVE-2019-0035

LAST UPDATE DATE
2024-08-14T13:26:39.727000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140066date:2020-09-29T00:00:00
db:JVNDBid:JVNDB-2019-003437date:2019-05-16T00:00:00
db:CNNVDid:CNNVD-201904-566date:2020-09-30T00:00:00
db:NVDid:CVE-2019-0035date:2021-02-05T16:48:54.243

SOURCES RELEASE DATE
db:VULHUBid:VHN-140066date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-003437date:2019-05-16T00:00:00
db:CNNVDid:CNNVD-201904-566date:2019-04-10T00:00:00
db:NVDid:CVE-2019-0035date:2019-04-10T20:29:00.710