Sign-up

ID

VAR-201910-1660


CVE

CVE-2019-0073


TITLE

Juniper Networks Junos OS Vulnerable to improper assignment of critical resources

Trust: 0.8

sources: JVNDB: JVNDB-2019-011010

DESCRIPTION

The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. Juniper Networks Junos OS Is vulnerable to improper assignment of permissions to critical resources.The information may be obtained and the information may be falsified. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. An attacker could exploit this vulnerability to gain access to these files. The following products and versions are affected: Juniper Networks Junos OS Release 15.1X49, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.3, Release 18.4

Trust: 1.8

sources: NVD: CVE-2019-0073 // JVNDB: JVNDB-2019-011010 // VULHUB: VHN-140104 // VULMON: CVE-2019-0073

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-011010 // NVD: CVE-2019-0073

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0073
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0073
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0073
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-594
value: HIGH

Trust: 0.6

VULHUB: VHN-140104
value: LOW

Trust: 0.1

VULMON: CVE-2019-0073
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0073
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-140104
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0073
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0073
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.3
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-0073
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140104 // VULMON: CVE-2019-0073 // JVNDB: JVNDB-2019-011010 // CNNVD: CNNVD-201910-594 // NVD: CVE-2019-0073 // NVD: CVE-2019-0073

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.8

problemtype:CWE-281

Trust: 1.1

sources: VULHUB: VHN-140104 // JVNDB: JVNDB-2019-011010 // NVD: CVE-2019-0073

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-594

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-594

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011010

PATCH
title:JSA10974url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10974&actp=METADATA
Trust: 0.8
title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99238
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-011010 // 
            
            
            
            CNNVD: CNNVD-201910-594

EXTERNAL IDS
db:NVDid:CVE-2019-0073
Trust: 2.6
db:JUNIPERid:JSA10974
Trust: 1.8
db:JVNDBid:JVNDB-2019-011010
Trust: 0.8
db:CNNVDid:CNNVD-201910-594
Trust: 0.7
db:VULHUBid:VHN-140104
Trust: 0.1
db:VULMONid:CVE-2019-0073
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140104 // 
            
            
            
            VULMON: CVE-2019-0073 // 
            
            
            
            JVNDB: JVNDB-2019-011010 // 
            
            
            
            CNNVD: CNNVD-201910-594 // 
            
            
            
            NVD: CVE-2019-0073

REFERENCES
url:https://kb.juniper.net/jsa10974
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0073
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0073
Trust: 0.8
url:https://vigilance.fr/vulnerability/junos-os-information-disclosure-via-pki-key-pairs-30589
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/281.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110404
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140104 // 
            
            
            
            VULMON: CVE-2019-0073 // 
            
            
            
            JVNDB: JVNDB-2019-011010 // 
            
            
            
            CNNVD: CNNVD-201910-594 // 
            
            
            
            NVD: CVE-2019-0073

SOURCES
db:VULHUBid:VHN-140104
db:VULMONid:CVE-2019-0073
db:JVNDBid:JVNDB-2019-011010
db:CNNVDid:CNNVD-201910-594
db:NVDid:CVE-2019-0073

LAST UPDATE DATE
2024-11-23T21:51:51.496000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140104date:2020-09-29T00:00:00
db:VULMONid:CVE-2019-0073date:2021-02-05T00:00:00
db:JVNDBid:JVNDB-2019-011010date:2019-10-28T00:00:00
db:CNNVDid:CNNVD-201910-594date:2020-09-30T00:00:00
db:NVDid:CVE-2019-0073date:2024-11-21T04:16:11.720

SOURCES RELEASE DATE
db:VULHUBid:VHN-140104date:2019-10-09T00:00:00
db:VULMONid:CVE-2019-0073date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-011010date:2019-10-28T00:00:00
db:CNNVDid:CNNVD-201910-594date:2019-10-09T00:00:00
db:NVDid:CVE-2019-0073date:2019-10-09T20:15:18.287