ID

VAR-201904-1546


CVE

CVE-2019-0039


TITLE

Juniper Networks Junos OS Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-003415

DESCRIPTION

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1. Juniper Networks Junos OS Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Juniper Junos is prone to an authentication-bypass vulnerability because it fails to protect against brute-force attacks. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the system. Successfully exploiting this issue may lead to further attacks. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Networks Junos OS. The following versions are affected: Juniper Networks Junos OS Release 14.1X53, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.1X65, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2 Version, 18.2X75 version, 18.3 version

Trust: 1.98

sources: NVD: CVE-2019-0039 // JVNDB: JVNDB-2019-003415 // BID: 107899 // VULHUB: VHN-140070

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:ltversion:15.1x49-d160

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:16.1r3-s10

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:18.2x75

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:15.1x53-d236

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:17.2

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:16.1x65-d49

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:16.1x65

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:18.2r1-s5

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:18.3

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:18.3r1-s1

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:17.4r1-s6

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:18.1r2-s4

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:17.1r2-s10

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:17.2r1-s8

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:17.3r3-s2

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:15.1f6-s12

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:18.2x75-d30

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:16.2r2-s7

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:14.1x53-d49

Trust: 1.0

vendor:junipermodel:junosscope:gteversion:18.2

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 18.3r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 0.3

vendor:junipermodel:junos 18.2x75-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.2x75-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:18.2x75

Trust: 0.3

vendor:junipermodel:junos 18.2r1-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.2r1-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 18.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 0.3

vendor:junipermodel:junos 17.3r3-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r2-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r2-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3rscope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.2rscope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r1-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r1-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r1-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r1-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 0.3

vendor:junipermodel:junos 16.1x65-d48scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1x65-d47scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1x65-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:16.1x65

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d68scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d67scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d66scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d65scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d64scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d63scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d62scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d59scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d58scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d57scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d49scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d48scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d47scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d33scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d31scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d235scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d234scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d233scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d232scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d231scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d230scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d105scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d90scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d80scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d70scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d150scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d140scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d131scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d130scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d120scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d110scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d101scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d100scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f5-s8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f5-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f5-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f5-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f5-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f4-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s19scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s18scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s16scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s14scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1a2scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d48scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d47scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d44scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d42scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d34scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d28scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d18scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d16scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 0.3

vendor:junipermodel:junos 18.4r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.3r1-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.2x75-d30scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.2r1-s5scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.1r3-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 18.1r2-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r2-s2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.4r1-s6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.3r3-s2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r3-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2-s10scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2-s7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1x65-d49scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r7-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r6-s6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s12scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s10scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d69scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d591scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d495scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d236scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d160scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s12scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d49scope:neversion: -

Trust: 0.3

sources: BID: 107899 // JVNDB: JVNDB-2019-003415 // NVD: CVE-2019-0039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0039
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0039
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0039
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-550
value: HIGH

Trust: 0.6

VULHUB: VHN-140070
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0039
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140070
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0039
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0039
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-0039
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140070 // JVNDB: JVNDB-2019-003415 // CNNVD: CNNVD-201904-550 // NVD: CVE-2019-0039 // NVD: CVE-2019-0039

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-140070 // JVNDB: JVNDB-2019-003415 // NVD: CVE-2019-0039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-550

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-550

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003415

PATCH

title:JSA10928url:https://kb.juniper.net/JSA10928

Trust: 0.8

title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91365

Trust: 0.6

sources: JVNDB: JVNDB-2019-003415 // CNNVD: CNNVD-201904-550

EXTERNAL IDS

db:NVDid:CVE-2019-0039

Trust: 2.8

db:BIDid:107899

Trust: 2.0

db:JUNIPERid:JSA10928

Trust: 2.0

db:JVNDBid:JVNDB-2019-003415

Trust: 0.8

db:CNNVDid:CNNVD-201904-550

Trust: 0.7

db:AUSCERTid:ESB-2019.1266

Trust: 0.6

db:VULHUBid:VHN-140070

Trust: 0.1

sources: VULHUB: VHN-140070 // BID: 107899 // JVNDB: JVNDB-2019-003415 // CNNVD: CNNVD-201904-550 // NVD: CVE-2019-0039

REFERENCES

url:http://www.securityfocus.com/bid/107899

Trust: 2.3

url:https://kb.juniper.net/jsa10928

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-0039

Trust: 1.4

url:https://www.juniper.net/us/en/

Trust: 0.9

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10928&actp=rss

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0039

Trust: 0.8

url:http://kb.juniper.net/infocenter/index

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-privilege-escalation-via-rest-api-brute-force-29017

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78978

Trust: 0.6

sources: VULHUB: VHN-140070 // BID: 107899 // JVNDB: JVNDB-2019-003415 // CNNVD: CNNVD-201904-550 // NVD: CVE-2019-0039

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 107899

SOURCES

db:VULHUBid:VHN-140070
db:BIDid:107899
db:JVNDBid:JVNDB-2019-003415
db:CNNVDid:CNNVD-201904-550
db:NVDid:CVE-2019-0039

LAST UPDATE DATE

2024-08-14T13:26:39.792000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-140070date:2020-09-29T00:00:00
db:BIDid:107899date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-003415date:2019-05-16T00:00:00
db:CNNVDid:CNNVD-201904-550date:2020-09-30T00:00:00
db:NVDid:CVE-2019-0039date:2024-02-09T03:16:30.397

SOURCES RELEASE DATE

db:VULHUBid:VHN-140070date:2019-04-10T00:00:00
db:BIDid:107899date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-003415date:2019-05-16T00:00:00
db:CNNVDid:CNNVD-201904-550date:2019-04-10T00:00:00
db:NVDid:CVE-2019-0039date:2019-04-10T20:29:00.850