CVE-2019-0039

Published Apr 10, 2019

Last updated a year ago

CVSS high 8.1

Overview

Description: If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1.
Source: sirt@juniper.net
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-307
sirt@juniper.net: CWE-307

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7194A5C-0D60-4C68-A57C-D5530527614A",
            "versionEndExcluding": "14.1x53-d49",
            "versionStartIncluding": "14.1x53"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "726135BA-5560-4647-BB24-7221E8A4DBD6",
            "versionEndExcluding": "15.1f6-s12",
            "versionStartIncluding": "15.1"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB7EB3CE-3A12-42FD-88DC-A229BF13E7E1",
            "versionEndExcluding": "15.1x49-d160",
            "versionStartIncluding": "15.1x49"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5831A1E3-28FA-4CA8-B5D9-9EC4B8495F7A",
            "versionEndExcluding": "15.1x53-d236",
            "versionStartIncluding": "15.1x53"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03005799-99CA-4148-89E5-28A2DF7A0022",
            "versionEndExcluding": "16.1r3-s10",
            "versionStartIncluding": "16.1"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1F1A2ED-FAD2-450F-BCD5-836C9E7E5785",
            "versionEndExcluding": "16.1x65-d49",
            "versionStartIncluding": "16.1x65"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "591749AA-10FC-469E-9BDB-027F90230D92",
            "versionEndExcluding": "16.2r2-s7",
            "versionStartIncluding": "16.2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D0D1ACA-B8CF-4C83-A683-59A8A25C7A80",
            "versionEndExcluding": "17.1r2-s10",
            "versionStartIncluding": "17.1"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "987B91FE-3EFB-408B-9CC7-CAFBE826EB88",
            "versionEndExcluding": "17.2r1-s8",
            "versionStartIncluding": "17.2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C4AA7DC-A6B0-4E19-9C61-FB54228779EC",
            "versionEndExcluding": "17.3r3-s2",
            "versionStartIncluding": "17.3"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9999C99-68FA-4D7C-954A-BC7A3B19D46E",
            "versionEndExcluding": "17.4r1-s6",
            "versionStartIncluding": "17.4"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F7B64CD-B278-4A1B-82D5-7B7EA6821234",
            "versionEndExcluding": "18.1r2-s4",
            "versionStartIncluding": "18.1"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E1FEA3F-57FE-4B3D-A517-8D6EAD8844F9",
            "versionEndExcluding": "18.2r1-s5",
            "versionStartIncluding": "18.2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C8FC105-3629-43BC-BDF8-8ADEACC7C76F",
            "versionEndExcluding": "18.2x75-d30",
            "versionStartIncluding": "18.2x75"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2220DA95-2D2E-487B-8907-4E692B2489C7",
            "versionEndExcluding": "18.3r1-s1",
            "versionStartIncluding": "18.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References