CVE-2019-0042
Published Apr 10, 2019
Last updated 3 years ago
Overview
- Description
- Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network.
- Source
- sirt@juniper.net
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.2
- Impact score
- 3.6
- Exploitability score
- 0.5
- Vector string
- CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 5.7
- Impact score
- 4.7
- Exploitability score
- 0.5
- Vector string
- CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 1.9
- Impact score
- 2.9
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- sirt@juniper.net
- CWE-305
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:identity_management_service:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "00195B94-8F8C-466E-BE59-F41061E9CC0D",
"versionEndExcluding": "1.1.4"
}
],
"operator": "OR"
}
]
}
]