ID

VAR-201910-1660


CVE

CVE-2019-0073


TITLE

Juniper Networks Junos OS vulnerable to improper assignment of permissions to critical resources

Trust: 0.8

sources: JVNDB: JVNDB-2019-011010

DESCRIPTION

PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.

Juniper Networks Junos OS is vulnerable to improper assignment of permissions to critical resources. Information may be obtained and information may be falsified.

Juniper Networks Junos OS is a network operating system that Juniper Networks builds specifically for its own hardware devices. The operating system provides a secure programming interface and the Junos SDK. An attacker could exploit this vulnerability to gain access to these files. The following products and versions are affected: Juniper Networks Junos OS Release 15.1X49, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.3, Release 18.4.

Trust: 1.8

sources: NVD: CVE-2019-0073 // JVNDB: JVNDB-2019-011010 // VULHUB: VHN-140104 // VULMON: CVE-2019-0073

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-011010 // NVD: CVE-2019-0073

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0073
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0073
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0073
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-594
value: HIGH

Trust: 0.6

VULHUB: VHN-140104
value: LOW

Trust: 0.1

VULMON: CVE-2019-0073
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0073
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-140104
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0073
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0073
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.3
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-0073
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140104 // VULMON: CVE-2019-0073 // JVNDB: JVNDB-2019-011010 // CNNVD: CNNVD-201910-594 // NVD: CVE-2019-0073 // NVD: CVE-2019-0073

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.8

problemtype:CWE-281

Trust: 1.1

sources: VULHUB: VHN-140104 // JVNDB: JVNDB-2019-011010 // NVD: CVE-2019-0073

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-594

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-594

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011010

PATCH

title: JSA10974, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10974&actp=METADATA

Trust: 0.8

title: Juniper Networks Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99238

Trust: 0.6

sources: JVNDB: JVNDB-2019-011010 // CNNVD: CNNVD-201910-594

EXTERNAL IDS

db: NVD, id: CVE-2019-0073

Trust: 2.6

db: JUNIPER, id: JSA10974

Trust: 1.8

db: JVNDB, id: JVNDB-2019-011010

Trust: 0.8

db: CNNVD, id: CNNVD-201910-594

Trust: 0.7

db: VULHUB, id: VHN-140104

Trust: 0.1

db: VULMON, id: CVE-2019-0073

Trust: 0.1

sources: VULHUB: VHN-140104 // VULMON: CVE-2019-0073 // JVNDB: JVNDB-2019-011010 // CNNVD: CNNVD-201910-594 // NVD: CVE-2019-0073

REFERENCES

url:https://kb.juniper.net/jsa10974

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-0073

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0073

Trust: 0.8

url:https://vigilance.fr/vulnerability/junos-os-information-disclosure-via-pki-key-pairs-30589

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/281.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110404

Trust: 0.1

sources: VULHUB: VHN-140104 // VULMON: CVE-2019-0073 // JVNDB: JVNDB-2019-011010 // CNNVD: CNNVD-201910-594 // NVD: CVE-2019-0073

SOURCES

db: VULHUB, id: VHN-140104
db: VULMON, id: CVE-2019-0073
db: JVNDB, id: JVNDB-2019-011010
db: CNNVD, id: CNNVD-201910-594
db: NVD, id: CVE-2019-0073

LAST UPDATE DATE

2024-08-14T15:43:33.493000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-140104, date: 2020-09-29T00:00:00
db: VULMON, id: CVE-2019-0073, date: 2021-02-05T00:00:00
db: JVNDB, id: JVNDB-2019-011010, date: 2019-10-28T00:00:00
db: CNNVD, id: CNNVD-201910-594, date: 2020-09-30T00:00:00
db: NVD, id: CVE-2019-0073, date: 2021-02-05T16:48:54.243

SOURCES RELEASE DATE

db: VULHUB, id: VHN-140104, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2019-0073, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-011010, date: 2019-10-28T00:00:00
db: CNNVD, id: CNNVD-201910-594, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-0073, date: 2019-10-09T20:15:18.287