ID

VAR-201910-1668


CVE

CVE-2019-0061


TITLE

Permissions management vulnerability in Juniper Networks Junos OS

Trust: 0.8

sources: JVNDB: JVNDB-2019-011164

DESCRIPTION

The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal Unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI.

This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.

Juniper Networks Junos OS contains a privilege management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.

Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS due to an improper configuration of internal sockets. The following products and versions are affected: Juniper Networks Junos OS Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.3, Release 18.4.

Trust: 1.71

sources: NVD: CVE-2019-0061 // JVNDB: JVNDB-2019-011164 // VULHUB: VHN-140092

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.1

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-011164 // NVD: CVE-2019-0061

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0061
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0061
value: HIGH

Trust: 1.0

NVD: CVE-2019-0061
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-603
value: HIGH

Trust: 0.6

VULHUB: VHN-140092
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-0061
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140092
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0061
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2019-0061
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140092 // JVNDB: JVNDB-2019-011164 // CNNVD: CNNVD-201910-603 // NVD: CVE-2019-0061 // NVD: CVE-2019-0061

PROBLEMTYPE DATA

problemtype:CWE-657

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2019-011164 // NVD: CVE-2019-0061

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-603

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-603

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011164

PATCH

title: JSA10960, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10960&actp=METADATA

Trust: 0.8

title: Juniper Networks Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99247

Trust: 0.6

sources: JVNDB: JVNDB-2019-011164 // CNNVD: CNNVD-201910-603

EXTERNAL IDS

db: NVD, id: CVE-2019-0061

Trust: 2.5

db: JUNIPER, id: JSA10960

Trust: 1.7

db: JVNDB, id: JVNDB-2019-011164

Trust: 0.8

db: CNNVD, id: CNNVD-201910-603

Trust: 0.7

db: AUSCERT, id: ESB-2019.3796

Trust: 0.6

db: AUSCERT, id: ESB-2019.3796.2

Trust: 0.6

db: VULHUB, id: VHN-140092

Trust: 0.1

sources: VULHUB: VHN-140092 // JVNDB: JVNDB-2019-011164 // CNNVD: CNNVD-201910-603 // NVD: CVE-2019-0061

REFERENCES

url:https://kb.juniper.net/jsa10960

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-0061

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0061

Trust: 0.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10960

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-privilege-escalation-via-mgd-30577

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3796.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3796/

Trust: 0.6

sources: VULHUB: VHN-140092 // JVNDB: JVNDB-2019-011164 // CNNVD: CNNVD-201910-603 // NVD: CVE-2019-0061

SOURCES

db: VULHUB, id: VHN-140092
db: JVNDB, id: JVNDB-2019-011164
db: CNNVD, id: CNNVD-201910-603
db: NVD, id: CVE-2019-0061

LAST UPDATE DATE

2024-11-23T21:36:33.654000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-140092, date: 2020-09-29T00:00:00
db: JVNDB, id: JVNDB-2019-011164, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-603, date: 2020-09-30T00:00:00
db: NVD, id: CVE-2019-0061, date: 2024-11-21T04:16:09.877

SOURCES RELEASE DATE

db: VULHUB, id: VHN-140092, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-011164, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-603, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-0061, date: 2019-10-09T20:15:17.097