CVE-2019-0020
Published Jan 15, 2019
Last updated 5 years ago
Overview
- Description
- Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
- Source
- sirt@juniper.net
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0"
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]