ID

VAR-201910-1650


CVE

CVE-2019-0062


TITLE

Juniper Networks Junos OS Session fixation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011165

DESCRIPTION

A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrator's web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2. Juniper Networks Junos OS contains a session fixation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. An authorization issue vulnerability exists in Juniper Networks Junos OS. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. The following products and versions are affected: Juniper Networks Junos OS Release 12.3, Release 12.3X48, Release 14.1X53, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Version 18.1, Version 18.2, Version 18.3, Version 18.4, Version 19.1.

Trust: 1.71

sources: NVD: CVE-2019-0062 // JVNDB: JVNDB-2019-011165 // VULHUB: VHN-140093

AFFECTED PRODUCTS

vendor: juniper // model: junos // scope: eq // version: 15.1x53

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 15.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 14.1x53

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 12.3x48

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 15.1x49

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 16.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 16.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 12.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 17.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.3

Trust: 1.0

vendor: juniper // model: junos os // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-011165 // NVD: CVE-2019-0062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0062
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0062
value: HIGH

Trust: 1.0

NVD: CVE-2019-0062
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-582
value: HIGH

Trust: 0.6

VULHUB: VHN-140093
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0062
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140093
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0062
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0062
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-0062
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140093 // JVNDB: JVNDB-2019-011165 // CNNVD: CNNVD-201910-582 // NVD: CVE-2019-0062 // NVD: CVE-2019-0062

PROBLEMTYPE DATA

problemtype:CWE-384

Trust: 1.9

sources: VULHUB: VHN-140093 // JVNDB: JVNDB-2019-011165 // NVD: CVE-2019-0062

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-582

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201910-582

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011165

PATCH

title: JSA10961 // url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10961&actp=METADATA

Trust: 0.8

title: Juniper Networks Junos OS Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99226

Trust: 0.6

sources: JVNDB: JVNDB-2019-011165 // CNNVD: CNNVD-201910-582

EXTERNAL IDS

db: NVD // id: CVE-2019-0062

Trust: 2.5

db: JUNIPER // id: JSA10961

Trust: 1.7

db: JVNDB // id: JVNDB-2019-011165

Trust: 0.8

db: CNNVD // id: CNNVD-201910-582

Trust: 0.7

db: AUSCERT // id: ESB-2019.3797

Trust: 0.6

db: VULHUB // id: VHN-140093

Trust: 0.1

sources: VULHUB: VHN-140093 // JVNDB: JVNDB-2019-011165 // CNNVD: CNNVD-201910-582 // NVD: CVE-2019-0062

REFERENCES

url:https://kb.juniper.net/jsa10961

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-0062

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0062

Trust: 0.8

url:https://vigilance.fr/vulnerability/junos-os-privilege-escalation-via-j-web-session-fixation-30578

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3797/

Trust: 0.6

sources: VULHUB: VHN-140093 // JVNDB: JVNDB-2019-011165 // CNNVD: CNNVD-201910-582 // NVD: CVE-2019-0062

SOURCES

db: VULHUB // id: VHN-140093
db: JVNDB // id: JVNDB-2019-011165
db: CNNVD // id: CNNVD-201910-582
db: NVD // id: CVE-2019-0062

LAST UPDATE DATE

2024-08-14T15:33:47.279000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-140093 // date: 2020-07-22T00:00:00
db: JVNDB // id: JVNDB-2019-011165 // date: 2019-10-29T00:00:00
db: CNNVD // id: CNNVD-201910-582 // date: 2020-07-23T00:00:00
db: NVD // id: CVE-2019-0062 // date: 2021-02-05T16:48:54.243

SOURCES RELEASE DATE

db: VULHUB // id: VHN-140093 // date: 2019-10-09T00:00:00
db: JVNDB // id: JVNDB-2019-011165 // date: 2019-10-29T00:00:00
db: CNNVD // id: CNNVD-201910-582 // date: 2019-10-09T00:00:00
db: NVD // id: CVE-2019-0062 // date: 2019-10-09T20:15:17.223