CVE-2019-0039
Published Apr 10, 2019
Last updated 9 months ago
Overview
- Description
- If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1.
- Source
- sirt@juniper.net
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7194A5C-0D60-4C68-A57C-D5530527614A", "versionEndExcluding": "14.1x53-d49", "versionStartIncluding": "14.1x53" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "726135BA-5560-4647-BB24-7221E8A4DBD6", "versionEndExcluding": "15.1f6-s12", "versionStartIncluding": "15.1" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB7EB3CE-3A12-42FD-88DC-A229BF13E7E1", "versionEndExcluding": "15.1x49-d160", "versionStartIncluding": "15.1x49" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5831A1E3-28FA-4CA8-B5D9-9EC4B8495F7A", "versionEndExcluding": "15.1x53-d236", "versionStartIncluding": "15.1x53" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03005799-99CA-4148-89E5-28A2DF7A0022", "versionEndExcluding": "16.1r3-s10", "versionStartIncluding": "16.1" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1F1A2ED-FAD2-450F-BCD5-836C9E7E5785", "versionEndExcluding": "16.1x65-d49", "versionStartIncluding": "16.1x65" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "591749AA-10FC-469E-9BDB-027F90230D92", "versionEndExcluding": "16.2r2-s7", "versionStartIncluding": "16.2" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D0D1ACA-B8CF-4C83-A683-59A8A25C7A80", "versionEndExcluding": "17.1r2-s10", "versionStartIncluding": "17.1" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "987B91FE-3EFB-408B-9CC7-CAFBE826EB88", "versionEndExcluding": "17.2r1-s8", "versionStartIncluding": "17.2" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C4AA7DC-A6B0-4E19-9C61-FB54228779EC", "versionEndExcluding": "17.3r3-s2", "versionStartIncluding": "17.3" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9999C99-68FA-4D7C-954A-BC7A3B19D46E", "versionEndExcluding": "17.4r1-s6", "versionStartIncluding": "17.4" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F7B64CD-B278-4A1B-82D5-7B7EA6821234", "versionEndExcluding": "18.1r2-s4", "versionStartIncluding": "18.1" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E1FEA3F-57FE-4B3D-A517-8D6EAD8844F9", "versionEndExcluding": "18.2r1-s5", "versionStartIncluding": "18.2" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C8FC105-3629-43BC-BDF8-8ADEACC7C76F", "versionEndExcluding": "18.2x75-d30", "versionStartIncluding": "18.2x75" },
          { "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2220DA95-2D2E-487B-8907-4E692B2489C7", "versionEndExcluding": "18.3r1-s1", "versionStartIncluding": "18.3" }
        ],
        "operator": "OR"
      }
    ]
  }
]