All the vulnerabilites related to juniper - atp700
cve-2019-0027
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365605"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in Snort Rules configuration",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0027",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in Snort Rules configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365605"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0027",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-17T00:21:24.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0024
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 20:32
Severity ?
EPSS score ?
Summary
A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5.0 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365606"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Email Collectors menu",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0024",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Email Collectors menu"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365606"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0024",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T20:32:19.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0025
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365609"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in RADIUS configuration menu",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0025",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in RADIUS configuration menu"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365609"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0025",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-17T00:21:45.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0029
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 22:03
Severity ?
EPSS score ?
Summary
Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5.0 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE - 256 : Plaintext Storage of a Password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is suggested to change the Splunk credentials after the upgrade to the fixed version."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365601"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: Splunk credentials are in logged in clear text",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0029",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Splunk credentials are in logged in clear text"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE - 256 : Plaintext Storage of a Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is suggested to change the Splunk credentials after the upgrade to the fixed version."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365601"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0029",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T22:03:43.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0026
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 16:59
Severity ?
EPSS score ?
Summary
A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365617"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in Zone configuration",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0026",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in Zone configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365617"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0026",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T16:59:13.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0018
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365584"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0018",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365584"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0018",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T18:39:46.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0021
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 20:48
Severity ?
EPSS score ?
Summary
On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5.0 < 5.0.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.4",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Juniper ATP, secret passphrase CLI inputs, such as \"set mcm\", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 - Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.4 and all subsequent releases.\nIt is also recommended to purge the affected log files and/or change the passphrase after the upgrade."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365676"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: secret CLI inputs are logged to /var/log/syslog in clear text",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0021",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: secret CLI inputs are logged to /var/log/syslog in clear text"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.4"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper ATP, secret passphrase CLI inputs, such as \"set mcm\", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 - Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.4 and all subsequent releases.\nIt is also recommended to purge the affected log files and/or change the passphrase after the upgrade."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365676"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0021",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T20:48:00.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0004
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 16:17
Severity ?
EPSS score ?
Summary
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5.0 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 - Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is also recommended to change the device key after the upgrade."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365691"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: API and device keys are logged in a world-readable permissions file",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0004",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: API and device keys are logged in a world-readable permissions file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 - Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is also recommended to change the device key after the upgrade."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365691"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0004",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T16:17:26.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-0289
Vulnerability from cvelistv5
Published
2021-07-15 20:01
Modified
2024-09-17 03:48
Severity ?
EPSS score ?
Summary
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show interfaces <> extensive" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.4 versions prior to 19.4R3-S4; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11191 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 5.6R1 < 5.6* Version: 15.1 < 15.1R7-S10 Version: 16.1R1 < 16.1* Version: 16.2R1 < 16.2* Version: 17.1R1 < 17.1* Version: 17.2R1 < 17.2* Version: 17.3R1 < 17.3* Version: 17.4R1 < 17.4* Version: 18.1R1 < 18.1* Version: 18.2R1 < 18.2* Version: 18.3R1 < 18.3* Version: 18.4 < 18.4R2-S9, 18.4R3-S9 Version: 19.4 < 19.4R3-S3 Version: 20.1 < 20.1R3 Version: 20.2 < 20.2R3-S2 Version: 20.3R1 < 20.3* Version: 20.4 < 20.4R3 Version: 21.1 < 21.1R2 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.6R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "5.6*",
"status": "affected",
"version": "5.6R1",
"versionType": "custom"
},
{
"changes": [
{
"at": "15.1F1",
"status": "affected"
}
],
"lessThan": "15.1R7-S10",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "16.1*",
"status": "affected",
"version": "16.1R1",
"versionType": "custom"
},
{
"lessThan": "16.2*",
"status": "affected",
"version": "16.2R1",
"versionType": "custom"
},
{
"lessThan": "17.1*",
"status": "affected",
"version": "17.1R1",
"versionType": "custom"
},
{
"lessThan": "17.2*",
"status": "affected",
"version": "17.2R1",
"versionType": "custom"
},
{
"lessThan": "17.3*",
"status": "affected",
"version": "17.3R1",
"versionType": "custom"
},
{
"lessThan": "17.4*",
"status": "affected",
"version": "17.4R1",
"versionType": "custom"
},
{
"lessThan": "18.1*",
"status": "affected",
"version": "18.1R1",
"versionType": "custom"
},
{
"lessThan": "18.2*",
"status": "affected",
"version": "18.2R1",
"versionType": "custom"
},
{
"lessThan": "18.3*",
"status": "affected",
"version": "18.3R1",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S9, 18.4R3-S9",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3*",
"status": "affected",
"version": "20.3R1",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "18.4R1",
"status": "affected"
}
],
"lessThan": "18.4R2-S9, 18.4R3-S9",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S2",
"status": "unaffected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3*",
"status": "affected",
"version": "20.3R1",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "Any"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "First in config CLI mode check that is there any user ARP policers configured on an ae interface:\n\n show configuration | display set | match jtac-arp\n set groups jtac-arp-policer interfaces ae5 unit \u003c*\u003e family inet policer arp jtac-arp \u003c\u003c\u003c this shows user arp policer configured on all ae interfaces\n\nNext validate which ARP policer is installed by using the operational cli command:\n\n\u201cshow interfaces extensive | match policer\u201d\n show interfaces extensive | match policer\n Policer: Input: __default_arp_policer__ \u003c\u003c\u003c incorrect if user arp policer was applied on ae interface and default arp policer is displayed\n Policer: Input: jtac-arp-ae5.317-inet-arp \u003c\u003c\u003c correct if user arp policer was applied on ae interface"
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command \"show interfaces \u003c\u003e extensive\" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ \u003c\u003c\u003c incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp \u003c\u003c\u003c correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.4 versions prior to 19.4R3-S4; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:01:05",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11191"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: For all platforms, except SRX Series, using Junos OS 15.1R7-S10, 18.4R2-S9, 18.4R3-S9, 19.4R3-S4, 20.1R3, 20.2R3-S2, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases. On SRX series using Junos OS 18.4R2-S9, 18.4R3-S9, 19.4R3-S4. 20.1R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11191",
"defect": [
"1528403"
],
"discovery": "USER"
},
"title": "Junos OS: User-defined ARP Policer isn\u0027t applied on Aggregated Ethernet (AE) interface until firewall process is restarted",
"workarounds": [
{
"lang": "en",
"value": "There is no workaround for this issue. \n\nIf affected by this issue, to recover from its impact, restart the firewall process to update the ARP Policer on the AE interface unit(s). \nFrom the CLI issue: \n\n cli\u003e restart firewall \n\nNote: no side effects on firewall restart shall be seen when issuing this command."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0289",
"STATE": "PUBLIC",
"TITLE": "Junos OS: User-defined ARP Policer isn\u0027t applied on Aggregated Ethernet (AE) interface until firewall process is restarted"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "5.6",
"version_value": "5.6R1"
},
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S10"
},
{
"version_affected": "\u003e=",
"version_name": "15.1",
"version_value": "15.1F1"
},
{
"version_affected": "\u003e=",
"version_name": "16.1",
"version_value": "16.1R1"
},
{
"version_affected": "\u003e=",
"version_name": "16.2",
"version_value": "16.2R1"
},
{
"version_affected": "\u003e=",
"version_name": "17.1",
"version_value": "17.1R1"
},
{
"version_affected": "\u003e=",
"version_name": "17.2",
"version_value": "17.2R1"
},
{
"version_affected": "\u003e=",
"version_name": "17.3",
"version_value": "17.3R1"
},
{
"version_affected": "\u003e=",
"version_name": "17.4",
"version_value": "17.4R1"
},
{
"version_affected": "\u003e=",
"version_name": "18.1",
"version_value": "18.1R1"
},
{
"version_affected": "\u003e=",
"version_name": "18.2",
"version_value": "18.2R1"
},
{
"version_affected": "\u003e=",
"version_name": "18.3",
"version_value": "18.3R1"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S9"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "\u003e=",
"version_name": "20.3",
"version_value": "20.3R1"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2"
},
{
"version_affected": "!\u003c",
"version_value": "5.6R1"
}
]
}
},
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S9"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S3"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3"
},
{
"platform": "SRX Series",
"version_affected": "!\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"platform": "SRX Series",
"version_affected": "\u003e=",
"version_name": "20.3",
"version_value": "20.3R1"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2"
},
{
"platform": "SRX Series",
"version_affected": "!\u003c",
"version_name": "18.4",
"version_value": "18.4R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "!",
"version_name": "Any",
"version_value": "Any"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "First in config CLI mode check that is there any user ARP policers configured on an ae interface:\n\n show configuration | display set | match jtac-arp\n set groups jtac-arp-policer interfaces ae5 unit \u003c*\u003e family inet policer arp jtac-arp \u003c\u003c\u003c this shows user arp policer configured on all ae interfaces\n\nNext validate which ARP policer is installed by using the operational cli command:\n\n\u201cshow interfaces extensive | match policer\u201d\n show interfaces extensive | match policer\n Policer: Input: __default_arp_policer__ \u003c\u003c\u003c incorrect if user arp policer was applied on ae interface and default arp policer is displayed\n Policer: Input: jtac-arp-ae5.317-inet-arp \u003c\u003c\u003c correct if user arp policer was applied on ae interface"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command \"show interfaces \u003c\u003e extensive\" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ \u003c\u003c\u003c incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp \u003c\u003c\u003c correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.4 versions prior to 19.4R3-S4; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11191",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11191"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: For all platforms, except SRX Series, using Junos OS 15.1R7-S10, 18.4R2-S9, 18.4R3-S9, 19.4R3-S4, 20.1R3, 20.2R3-S2, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases. On SRX series using Junos OS 18.4R2-S9, 18.4R3-S9, 19.4R3-S4. 20.1R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11191",
"defect": [
"1528403"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There is no workaround for this issue. \n\nIf affected by this issue, to recover from its impact, restart the firewall process to update the ARP Policer on the AE interface unit(s). \nFrom the CLI issue: \n\n cli\u003e restart firewall \n\nNote: no side effects on firewall restart shall be seen when issuing this command."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0289",
"datePublished": "2021-07-15T20:01:05.615580Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T03:48:59.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0030
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 17:17
Severity ?
EPSS score ?
Summary
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5.0 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm\nCWE-664 - Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is suggested to change any credentials after the upgrade to the fixed version."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365976",
"1365987"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: Password hashing uses DES and a hardcoded salt",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0030",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Password hashing uses DES and a hardcoded salt"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm\nCWE-664 - Improper Control of a Resource Through its Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is suggested to change any credentials after the upgrade to the fixed version."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365976",
"1365987"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0030",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T17:17:54.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0022
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 21:03
Severity ?
EPSS score ?
Summary
Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5.0 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365592"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: Two hard coded credentials sharing the same password give an attacker the ability to take control of any installation of the software.",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0022",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Two hard coded credentials sharing the same password give an attacker the ability to take control of any installation of the software."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365592"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0022",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T21:03:47.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0020
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 22:01
Severity ?
EPSS score ?
Summary
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5.0 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365592"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: Hard coded credentials used in Web Collector",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0020",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Hard coded credentials used in Web Collector"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365592"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0020",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T22:01:48.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0023
Vulnerability from cvelistv5
Published
2019-01-15 21:00
Modified
2024-09-16 19:00
Severity ?
EPSS score ?
Summary
A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA10918 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | Juniper ATP |
Version: 5.0 < 5.0.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper ATP",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365614"
],
"discovery": "INTERNAL"
},
"title": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0023",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"1365614"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0023",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T19:00:38.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-07-15 20:15
Modified
2024-11-21 05:42
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show interfaces <> extensive" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.4 versions prior to 19.4R3-S4; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11191 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11191 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01888A41-DD62-42C3-ADDB-9F98933D7D2C",
"versionEndExcluding": "15.1",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D00050D6-179F-44CA-81BF-0D62A3764DF7",
"versionEndExcluding": "18.4",
"versionStartIncluding": "15.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:5.6:r1:*:*:*:*:*:*",
"matchCriteriaId": "97AFB83A-B200-48DA-B976-E170BB1AB752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
"matchCriteriaId": "74CA9010-D3DE-487B-B46F-589A48AB0F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "A38F224C-8E9B-44F3-9D4F-6C9F04F57927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "853F146A-9A0F-49B6-AFD2-9907434212F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "8F73B88B-E66C-4ACD-B38D-9365FB230ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "EE1F82EC-3222-4158-8923-59CDA1909A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "8FE95D15-B5E5-4E74-9464-C72D8B646A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "C012CD07-706A-4E1C-B399-C55AEF5C8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "A0C26E59-874A-4D87-9E7F-E366F4D65ED1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "75902119-60D0-49F8-8E01-666E0F75935A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "D59D7A31-128B-4034-862B-8EF3CE3EE949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0C5E097B-B79E-4E6A-9291-C8CB9674FED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "819FA3ED-F934-4B20-BC0E-D638ACCB7787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "3D7D773A-4988-4D7C-A105-1885EBE14426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "1BD93674-9375-493E-BD6C-8AD41CC75DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "34E28FD9-1089-42F7-8586-876DBEC965DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "B7E72C49-1849-4A6F-81BC-D03F06D47D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "541535BD-20DC-4489-91A7-F6CBC6802352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s8:*:*:*:*:*:*",
"matchCriteriaId": "924C4EAC-2A52-45A9-BE0F-B62F070C3E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "736B7A9F-E237-45AF-A6D6-84412475F481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "62E63730-F697-4FE6-936B-FD9B4F22EAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "064A7052-4EF5-4BFB-88FF-8122AEECB6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "08C58CCB-3BAA-4400-B371-556DF46DE69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "28F7740D-C636-4FA3-8479-E5E039041DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "81F6DEA3-F07E-4FD0-87CB-4E8C0B768706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "2C1601BB-CAB7-4C92-8416-1824BB85D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "14FC491D-8DA8-4E79-A9A6-3629E41C847A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "44C4BE2C-814F-49AA-8B64-17245FC01270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "70FF3DD4-14CB-435D-8529-0480EB853F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "4DCFA774-96EF-4018-82CF-95C807025C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "76022948-4B07-43CB-824C-44E1AB3537CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "25446F60-5CB9-4923-BCE8-609AE3CFDFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A23E5CEA-EFF5-4641-BC47-BA2D0859F0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "758275F3-9457-45A2-8F57-65DCD659FC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B46CB928-78B5-4D60-B747-9A0988C7060D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "ED73BF1A-96E4-49F1-A6AA-7B29DAA6C112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "19FDC05F-5582-4F7E-B628-E58A3C0E7F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "401306D1-E9CE-49C6-8DC9-0E8747B9DC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "615EAF48-AD53-4CC2-B233-5EA5C0F72CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "DC8E7547-6649-436D-BC45-184417680C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "D9789FF8-D55C-4AF9-A250-E543A0EB826F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "06F53DA5-59AE-403C-9B1E-41CE267D8BB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "3332262F-81DA-4D78-99C9-514CADA46611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "B46B63A2-1518-4A29-940C-F05624C9658D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "8E0D4959-3865-42A7-98CD-1103EBD84528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "3A58292B-814C-49E7-8D6D-BE26EFB9ADDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "681AE183-7183-46E7-82EA-28C398FA1C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8A6E9627-8BF1-4BE8-844B-EE8F1C9478F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:acx1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF19CB03-4A42-48BC-A6E1-A6F56D40F422",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648CB4A2-05FA-4445-BB4F-F9285A8E8A5D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90339191-4DE3-4116-8CEC-C5440D063CEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F5683A-7DCC-4691-AD3A-F2B66684DA9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "154658D0-FE3E-43C1-8A4D-CAF67C9BCD98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76E2CDA9-2379-482C-B509-D527AFE2C7D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36729286-5080-47E8-A961-976BF64F5A93",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C398D8D-AD15-422C-90DE-2EAD9B9A7DF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx5048:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8DB691-C9F4-4084-8563-642A2F63DA86",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx5096:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44B58F51-4F0D-40BD-A90F-226A26F4646E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx5400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D013356B-A9FE-4301-BFEB-0D5B1AB3541D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx5448:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EB7B849-D1D4-46F3-B502-5D84C5E7C3B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D0730C3-5846-43E9-A9BD-8AEED356A959",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655453A-D027-41A3-B1E9-D40A5220E4CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx6360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58626682-A25D-46B6-B2B3-493772FFBA11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:acx710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3484A2-C7E4-43D1-9D47-08C531185C67",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11D4A86D-BDB4-4A01-96FE-7E023C58074B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ctp150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DDF73E-3892-4CEF-A184-F337A8406A82",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ctp2008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F92815F-B287-4A00-8D15-B44B9B0CB551",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ctp2024:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22D4B48C-CA58-4FA0-B31B-4ED7D96F7D79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ctp2056:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D82E84B-2B79-47DE-9033-B6711382CE56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED6C49E-3AB5-4688-8BD7-0F9C274021F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:dx:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF678F5C-F375-475C-BBEC-A4FC5F94AEFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex_rps:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42877394-A0A1-4136-A1D3-D287BFCC85E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D4F71-8476-4F0D-A976-A308D6483D6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2200-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BD5636-93D5-4C06-964F-00055DF6B2B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2200-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D066A90D-F7F2-4EA5-8F0C-D0E189DDB05D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3302CB-457F-4BD2-B80B-F70FB4C4542E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979C3597-C53B-4F4B-9EA7-126DA036C86D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62A536DA-5A57-4255-AB22-F99F8B7FF62A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7A20FC-A19F-4881-A0E8-C440E9FE60D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC326549-217D-4194-8310-AB398D6FF3F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3300-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32B9B26-8BF0-4C56-A9BF-D9BBAEA50506",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47DAF5E7-E610-4D74-8573-41C16D642837",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53269C69-3D1E-4F05-8EF6-81743D7A699E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4200-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F54ADF-7C13-4AA6-B61E-627D4DBB1CF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEA4BC3-093F-4DE6-BED1-2C7D2FC2C8A5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-24p-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592377CC-4044-4FDD-A3DF-CBF25754EE4D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-24t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D12E8275-EF6B-44F9-A7D8-A769CDB5EED5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-24t-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E63215-246E-49F3-A537-8A90D512DAB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-32f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1A5E69-928A-41A0-8B9B-91F307D99854",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-32f-dc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B71953D-016D-4E72-B598-55667A507681",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-32f-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CABBC37B-EB93-424D-A1E7-4686039C0955",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24526B69-E3E3-4249-80A4-A886BED5C07E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48mp-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2209605-65B6-44B3-9700-9EC543BF2408",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C348CF-65C1-4A53-8F4F-99B5A4113679",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48p-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60CB5F91-DC40-4D09-BB93-4539B8581877",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE8EB69-95DD-44E9-80A6-F2B5E34BBD5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48t-afi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEDB14F-E74A-4C48-A969-1D22D7F7C7C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48t-dc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE3866E-109E-479F-9FFE-3F6E81C0DE7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48t-dc-afi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A17D793-5F01-4818-956D-D6BC5A6C4CEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48t-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4C3E8E-C8B4-42A5-8DB6-7E8114FCC030",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48tafi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77AF34EC-A154-4042-BE0B-B2BA9EEDEE93",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48tdc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD3D9F-B49C-48EC-8AE1-FE3B399809DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-48tdc-afi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10DC1840-7409-4BD0-9522-B55B1166CF9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-mp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EECCB3-37B3-4146-8F8C-4BBFF84499E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "303ADB06-5CB5-44DA-8387-39FACC539EF0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F07B0E0B-D2F2-4CF1-A8EA-A1E8DE83BBB4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEE8AE4-B393-442C-AD68-4AC43E76A8F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4500-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D842407-7A13-47C7-BBC9-FB0E978221CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E98077-92AF-4E3E-96F0-2E6F9D6343D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4550-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B84C72A-C314-46FB-8DD8-1DF29C6C4B0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4550\\/vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3612D798-7A5F-4068-A5A2-92173893450E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4600-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ECB975-D1A0-4318-9C5E-752A3C98F76F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex6200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6CC1C89-B37F-4C5F-9F79-12997C79711D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex6210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71FF88C7-89CB-4E04-BADA-AD64F8060C6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex8200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AFE829C-325D-4E66-A6A2-A81BE8BCAB72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex8200-vc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B74B12A6-1CE2-4293-ABA5-E3F23E15485C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex8208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72E67A5A-0DFF-42D9-81A7-570E9BCA463D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex8216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B51C5371-51E9-40AE-8619-BC1267DD1D08",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D08A8D94-134A-41E7-8396-70D8B0735E9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86E82CE3-F43D-4B29-A64D-B14ADB6CC357",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13C0199E-B9F0-41D3-B625-083990517CDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8790B456-DFC7-4E82-9A0C-C89787139B79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCB1E61-07A1-40B0-B616-F1A6E06D11C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9251:-:*:*:*:*:*:*:*",
"matchCriteriaId": "079290E9-DCC5-43F7-9480-64874DBF2696",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9253:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EA71434-CCBF-4A55-8B30-D213A43E8641",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:fips_infranet_controller_6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B171E2-3E7D-42CE-8F16-0C232222EC63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80CC7A54-95DD-4C60-8A99-21F800616784",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B68C4310-771E-4E8F-9C62-6EBE233FCB92",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55331F37-6F9B-48A8-BBB3-BE9EBF4C2B3D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528028F3-3F3F-4354-A1D7-2EF66BA27CEC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:gfx3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1587D9-B2C4-48E6-889E-D4AFB7154E47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:idp250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60A5EAF5-4E2C-4A5C-A4B8-6370490136AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:idp75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD39F3D-8DD7-48DA-A8C2-543B8B05E50F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:idp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "567C7544-3C8B-468B-A2A1-0750B4623EA1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:idp8200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC3940A-9974-48AC-BEA6-66F1DC8D91DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:infranet_controller_4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D39E3026-7E64-4201-8801-5138C52EA3BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:infranet_controller_4500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1220A6C-A397-4BDD-A7D1-BF16BC35CE4A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:infranet_controller_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "602D3D3E-6859-4E6D-AF61-D58D26C78E65",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:infranet_controller_6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4384E5A3-9D09-4340-943A-BB3408D85B8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jatp:400:*:*:*:*:*:*:*",
"matchCriteriaId": "A5723E51-E41D-4CBC-B433-C5D0845711C7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:jatp:700:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC93060-DCEA-4181-A38B-653FB165D2C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:junos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA2466C-D443-4A63-AA4F-1AE4EE5DA02A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:junos_space_ja1500_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58939FC-742F-4A93-8977-6953B32E6817",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:junos_space_ja2500_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D76C2611-F434-496C-8E30-4FA927223B81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ln1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19C2C35E-BE56-436B-A917-95B8C0BD6B41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ln2600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F11EE2D8-262D-44EC-B6A4-005C96AD5D06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:m10i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10374BF7-2AD3-483F-B3C1-950076934866",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:m120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FB57F2-6135-49FF-8D33-13B55F7020CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:m320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA6BB73-A778-414B-8A92-6CB6886A32D7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:m7i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6048CF-0BE2-4016-A95E-34799796014C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE557B9-DF6D-4C20-98BE-E934D187CCFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB174F88-B643-4338-BCD6-A9CD0EDB54A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115C8834-8BD1-4561-8B98-AE29E3B9C1C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54C5F933-61BB-40EA-9ADC-C22CFE8F9D1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72952BFC-45B9-4379-8D9A-A10132CC34EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52699E2B-450A-431C-81E3-DC4483C8B4F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D97AF6F8-3D50-4D35-BCB1-54E3BEC69B9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C39DA74D-F5C7-4C11-857D-50631A110644",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F72C850A-0530-4DB7-A553-7E19F82122B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE2089C-F341-4DC1-B76D-633BC699306D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27175D9A-CA2C-4218-8042-835E25DFCA43",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C7FC57-8ACF-45AA-A227-7E3B350FD24F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2754C2DF-DF6E-4109-9463-38B4E0465B77",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A26704-A6A4-4C4F-9E12-A0A0259491EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C982A2FF-A1F9-4830-BAB6-77CFCE1F093F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*",
"matchCriteriaId": "104858BD-D31D-40E0-8524-2EC311F10EAC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B557965-0040-4048-B56C-F564FF28635B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB875EBD-A3CD-4466-B2A3-39D47FF94592",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E08E1E-0FE4-4294-9497-BBFFECA2A220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-5200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A658500D-84C8-4F33-9AD3-2DF76DC41459",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-5400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2B4E7A-30F3-488E-A685-7CBF998C7E9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-5gt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCCC02F-48ED-469D-808A-B17810A6E5C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-5gt:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A482DFA5-4108-4B0F-BD8E-04FEB52D3537",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-idp:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B97B63E-CE45-4DF9-9838-D9CE96CECE72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-idp:3.0r1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5F6D51-15B0-449D-9418-8C4C7A1E1D7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-idp:3.0r2:*:*:*:*:*:*:*",
"matchCriteriaId": "C696E607-0927-4087-A437-9C5459EB8BE5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-idp_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C332A8-746C-4FC8-84E3-D67C8C3D377A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-idp_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6C2728-2D68-498A-A6F1-39DBEFABB1B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-idp_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44AF925F-DF8C-456E-A61E-E94C5CED5A7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:netscreen-idp_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5D2B14-E517-4229-BB16-A1B8E5436959",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:nfx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "322C5D3F-ADE3-417D-9355-187C9648ED1D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:nfx150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AE81FA-B0F3-4F0B-A2D1-2BB590345058",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:nfx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB08A27-7777-4538-ADC4-9D2F89963C13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:nfx350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB56048-A486-4A46-B438-CC3084BD9CB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:nsm3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD754FD-CC22-47BA-A2A7-4835CC8E55E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:nsmexpress:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5B7D06-3E72-49C1-9ABA-7BD68860C1F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ocx1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290BA886-8174-4F62-A72C-D50BFDB7FDA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6DF99D-E438-4943-BC32-F2821E72AE0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx1000-72q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B219F54A-4474-48CB-80F1-D988A719C3DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "249F6266-4ED6-4464-9347-9322E1481D0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDCCB33-D428-4D64-977E-71C62F89AE5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10001-36mr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C188428C-0558-44FB-845C-E885DE9A0733",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx100016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37F94757-34CE-4F88-A6D3-544FE6A476D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82B22AC2-B794-4F12-9EB3-9AA6E4B19831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10002-60c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5462DF-5CF1-4DF9-989B-622EA734964F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD05415-9F94-4EB8-805A-C9C0FFA9D0DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10003_160c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1E88A41-B158-4A66-9DFD-438931C6BE68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10003_80c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C97FFB5-8755-474B-ABCF-98DC7659208E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10003_81cd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAECB1BF-0F3A-4AD9-AF6B-E54A13D9D804",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C432E543-37F5-4CA0-B239-2B97C6A16907",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65A64A26-4606-4D33-8958-5A3B7FFC4CDB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx10016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1879799F-18B2-4958-AA90-FD19348C889F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "516476F9-7D4C-494F-99AA-750F4467CD15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ptx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "654140A0-FEC0-4DB4-83BF-ECCB000DFA4D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx10000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF2039C-E08C-472F-82E6-DAD3F94724B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx10002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1401145-D8EC-4DB9-9CDE-9DE6C0D000C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx10002-32q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17E59530-3262-4BDC-915C-0B8D2EED7784",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx10002-60c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "626CA614-72D4-4A8B-9C38-275C7A7F8D85",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx10002-72q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FF30F4-3D10-4AD6-9643-5826A11C7629",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1453E42A-77B3-4922-8EC3-1A5668C39550",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26408465-BD6A-4416-B98E-691A5F651080",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx3000-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79C98F71-042D-412D-8064-FF8E27CAB9D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx3000-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3110C458-EFBA-4221-9417-015B7D5874C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx3008-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0727FD0-F5A2-4156-BBDB-F4AE6E6F1B89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "858482CF-E310-4F6C-8ECC-C9BFBA3E1EC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A336BD3-4AB0-4E9E-8AD5-E6413A5A53FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4D44B0-E6CE-4380-8712-AC832DBCB424",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx3600-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F6C1E3-9390-4E06-AA62-02C99447FDB4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5100-96s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD0F680-ED30-48F3-A5D9-988D510CFC0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB58A6E9-FFCF-4331-AC3B-45C37BD1943E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5200-32c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38D790AD-D00F-4FED-96FE-3046C827356B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5200-48y:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9AD5C-947D-41EF-9969-FCCEB144984F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5210-64c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B86047DE-A0A0-4698-9414-B66C0FA7B544",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D193BEBD-9436-468D-B89E-D5720603451D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:router_m10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F5BF9C1-F81A-487F-A748-94D6FFFEE454",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:router_m16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2B717B-9637-4FA3-9361-315941D95BEC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:router_m20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA345A17-CB56-4252-AC1E-EDF2F91A80FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:router_m40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0960F82-AF63-4047-BB4A-44BC4A4E4B3F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:router_m5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "493A0970-104C-4485-8067-973931CD6067",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6B885A-5C17-4928-A1B9-4A729F277F4B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82E5E8BD-68B9-4C94-A1F0-3F5C3EC7620A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6A2465-451A-436A-89C1-94424A0C4AB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "641091CF-F671-4AD7-B10F-E50497AC462B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "501D212B-D846-4D43-B6D8-F01C2483AB64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "075FD895-451D-4959-9A73-94F5BB1853E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42FB27DD-D685-4D5E-8DAF-7A34DE33AB59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:t1600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6E6B57-BFF3-4AD2-979A-B2C4FD9F138E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:t320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F913-266E-44CB-BFA3-85AC9D55FF1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:t4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B57FF1-D4F8-4E28-95A7-2D29DF65D825",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:t640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12CCEFE5-F37B-482D-8670-DA40EFBB7E42",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:xre200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5542E06B-EC81-47A8-AB09-55DBE0560D1C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
"matchCriteriaId": "74CA9010-D3DE-487B-B46F-589A48AB0F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "A38F224C-8E9B-44F3-9D4F-6C9F04F57927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "853F146A-9A0F-49B6-AFD2-9907434212F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "8F73B88B-E66C-4ACD-B38D-9365FB230ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "EE1F82EC-3222-4158-8923-59CDA1909A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "8FE95D15-B5E5-4E74-9464-C72D8B646A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "C012CD07-706A-4E1C-B399-C55AEF5C8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "A0C26E59-874A-4D87-9E7F-E366F4D65ED1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "75902119-60D0-49F8-8E01-666E0F75935A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "D59D7A31-128B-4034-862B-8EF3CE3EE949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0C5E097B-B79E-4E6A-9291-C8CB9674FED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "819FA3ED-F934-4B20-BC0E-D638ACCB7787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "3D7D773A-4988-4D7C-A105-1885EBE14426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "1BD93674-9375-493E-BD6C-8AD41CC75DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "34E28FD9-1089-42F7-8586-876DBEC965DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "B7E72C49-1849-4A6F-81BC-D03F06D47D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "541535BD-20DC-4489-91A7-F6CBC6802352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s8:*:*:*:*:*:*",
"matchCriteriaId": "924C4EAC-2A52-45A9-BE0F-B62F070C3E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "736B7A9F-E237-45AF-A6D6-84412475F481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "62E63730-F697-4FE6-936B-FD9B4F22EAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "064A7052-4EF5-4BFB-88FF-8122AEECB6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "08C58CCB-3BAA-4400-B371-556DF46DE69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "28F7740D-C636-4FA3-8479-E5E039041DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "81F6DEA3-F07E-4FD0-87CB-4E8C0B768706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "2C1601BB-CAB7-4C92-8416-1824BB85D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "14FC491D-8DA8-4E79-A9A6-3629E41C847A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "44C4BE2C-814F-49AA-8B64-17245FC01270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "70FF3DD4-14CB-435D-8529-0480EB853F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "4DCFA774-96EF-4018-82CF-95C807025C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "76022948-4B07-43CB-824C-44E1AB3537CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "25446F60-5CB9-4923-BCE8-609AE3CFDFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A23E5CEA-EFF5-4641-BC47-BA2D0859F0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "758275F3-9457-45A2-8F57-65DCD659FC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B46CB928-78B5-4D60-B747-9A0988C7060D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "ED73BF1A-96E4-49F1-A6AA-7B29DAA6C112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "0886EFA6-47E3-4C1D-A278-D3891A487FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "19FDC05F-5582-4F7E-B628-E58A3C0E7F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "401306D1-E9CE-49C6-8DC9-0E8747B9DC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "615EAF48-AD53-4CC2-B233-5EA5C0F72CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "DC8E7547-6649-436D-BC45-184417680C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "D9789FF8-D55C-4AF9-A250-E543A0EB826F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "06F53DA5-59AE-403C-9B1E-41CE267D8BB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "3332262F-81DA-4D78-99C9-514CADA46611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "B46B63A2-1518-4A29-940C-F05624C9658D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "8E0D4959-3865-42A7-98CD-1103EBD84528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "3A58292B-814C-49E7-8D6D-BE26EFB9ADDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "681AE183-7183-46E7-82EA-28C398FA1C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8A6E9627-8BF1-4BE8-844B-EE8F1C9478F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5C9BC697-C7C9-447D-9EBD-E9711462583E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7B80433B-57B1-49EF-B1A1-83781D6102E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "05D8427C-CDDE-4B2F-9CB8-41B9137660E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E020556B-693F-4963-BA43-3164AB50FA49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A03463-6B1D-4DBA-9E89-CAD5E899B98B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABA347C-3EF3-4F75-B4D1-54590A57C2BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06685D0E-A075-49A5-9EF4-34F0F795C8C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52F0B735-8C49-4B08-950A-296C9CDE43CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command \"show interfaces \u003c\u003e extensive\" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ \u003c\u003c\u003c incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp \u003c\u003c\u003c correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.4 versions prior to 19.4R3-S4; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved."
},
{
"lang": "es",
"value": "Cuando se configura y aplica el ARP Policer definido por el usuario en una o m\u00e1s unidades de interfaz de Ethernet Agregada (AE), una vulnerabilidad de condici\u00f3n de carrera de tipo Time-of-check Time-of-use (TOCTOU) entre los demonios Device Control Daemon (DCD) y el proceso de firewall (dfwd) de Juniper Networks Junos OS permite a un atacante omitir el ARP Policer definido por el usuario. En este caso concreto, el ARP policer de usuario se sustituye por el ARP policer predeterminado. Para revisar los ARP Policers deseados y el estado real se puede ejecutar el comando \"show interfaces () extensive\" y revisar la salida. Vea m\u00e1s detalles a continuaci\u00f3n. Un ejemplo de salida es: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ ((( incorrecto si se aplic\u00f3 ARP Policer de usuario en una interfaz AE y se muestra el ARP Policer por defecto Policer: Input: jtac-arp-ae5.317-inet-arp ((( correcto si se aplic\u00f3 ARP Policer de usuario en una interfaz AE Para todas las plataformas, excepto la serie SRX: Este problema afecta a Juniper Networks Junos OS: Todas las versiones 5.6R1 y todas las versiones posteriores, anteriores a 18.4 versiones anteriores a 18.4R2-S9, 18.4R3-S9 con la excepci\u00f3n de las versiones 15.1 15.1R7-S10 y posteriores; las versiones 19.4 anteriores a 19.4R3-S3; las versiones 20.1 anteriores a 20. 1R3; versiones 20.2 anteriores a 20.2R3-S2; 20.3 versi\u00f3n 20.3R1 y versiones posteriores; 20.4 versiones anteriores a 20.4R3; 21.1 versiones anteriores a 21.1R2; Este problema no afecta a versiones de Junos OS anteriores a 5.6R1. En la serie SRX, este problema afecta a Juniper Networks Junos OS: 18.4 versiones anteriores a 18.4R2-S9, 18.4R3-S9; 19.4 versiones anteriores a 19.4R3-S4; versiones 20.1 anteriores a 20.1R3; versiones 20.2 anteriores a 20.2R3-S2; 20.3 versi\u00f3n 20.3R1 y posteriores; 20.4 versiones anteriores a 20.4R3; 21.1 versiones anteriores a 21.1R2. Este problema no afecta a las versiones 18.4 anteriores a 18.4R1 en la serie SRX. Este problema no afecta a Junos OS Evolved"
}
],
"id": "CVE-2021-0289",
"lastModified": "2024-11-21T05:42:24.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-15T20:15:10.563",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11191"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting persistente en el men\u00fa de subida de archivos de Juniper ATP podr\u00eda permitir que un usuario autenticado inyecte scripts arbitrarios y robe datos sensibles y credenciales de una sesi\u00f3n de administraci\u00f3n web, enga\u00f1ando posiblemente a un usuario administrativo posterior para que realice acciones de administrador en el dispositivo. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0018",
"lastModified": "2024-11-21T04:16:03.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.557",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
8.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "Las credenciales de Splunk de Juniper, en la serie ATP, est\u00e1n registradas en un archivo legible por usuarios autenticados locales. Mediante el uso de esas credenciales, un atacante puede acceder al servidor de Splunk. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0029",
"lastModified": "2024-11-21T04:16:05.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.980",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
Summary
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "En Juniper ATP, la clave API y la clave del dispositivo est\u00e1n registradas en un archivo legible por usuarios autenticados locales. Estas claves se emplean para realizar operaciones cr\u00edticas en la interfaz WebUI. Este problema afecta a Junipe ATP en versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0004",
"lastModified": "2024-11-21T04:16:01.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "sirt@juniper.net",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:00.917",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) persistente en el men\u00fa de configuraci\u00f3n de reglas de Snort de Juniper ATP podr\u00eda permitir que un usuario autenticado inyecte scripts arbitrarios y robe datos sensibles y credenciales de una sesi\u00f3n de administraci\u00f3n web, enga\u00f1ando posiblemente a un usuario administrativo posterior para que realice acciones de administrador en el dispositivo. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0027",
"lastModified": "2024-11-21T04:16:04.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.917",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
7.1 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39270838-64F0-4E1E-80FD-0F48C47B16F8",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Juniper ATP, secret passphrase CLI inputs, such as \"set mcm\", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4."
},
{
"lang": "es",
"value": "En Juniper ATP, las entradas CLI de frase de contrase\u00f1a, como \"set mcm\", se registran en /var/log/syslog en texto claro, lo que permite que un usuario local autenticado visualice esta informaci\u00f3n secreta. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.4."
}
],
"id": "CVE-2019-0021",
"lastModified": "2024-11-21T04:16:04.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.637",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting persistente en el men\u00fa de configuraci\u00f3n de Zone de Juniper ATP podr\u00eda permitir que un usuario autenticado inyecte scripts arbitrarios y robe datos sensibles y credenciales de una sesi\u00f3n de administraci\u00f3n web, enga\u00f1ando posiblemente a un usuario administrativo posterior para que realice acciones de administrador en el dispositivo. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0026",
"lastModified": "2024-11-21T04:16:04.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.887",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
Summary
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EADD63C7-4637-4649-9F45-A68E983B2610",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "Juniper ATP emplea DES y una sal embebida para hashear contrase\u00f1as, lo que permite el \"deshasheo\" trivial del contenido del archivo de contrase\u00f1as. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0030",
"lastModified": "2024-11-21T04:16:05.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "sirt@juniper.net",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:02.027",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "Juniper ATP se distribuye con credenciales embebidas en la instancia de Web Collector, que otorga a un atacante la capacidad de tomar el control total de cualquier instalaci\u00f3n del software. Las versiones afectadas son Juniper Networks Junos ATP: versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0020",
"lastModified": "2024-11-21T04:16:03.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.587",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting persistente en el men\u00fa de Golden VM de Juniper ATP podr\u00eda permitir que un usuario autenticado inyecte scripts arbitrarios y robe datos sensibles y credenciales de una sesi\u00f3n de administraci\u00f3n web, enga\u00f1ando posiblemente a un usuario administrativo posterior para que realice acciones de administrador en el dispositivo. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0023",
"lastModified": "2024-11-21T04:16:04.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.730",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting persistente en el men\u00fa de configuraci\u00f3n de RADIUS de Juniper ATP podr\u00eda permitir que un usuario autenticado inyecte scripts arbitrarios y robe datos sensibles y credenciales de una sesi\u00f3n de administraci\u00f3n web, enga\u00f1ando posiblemente a un usuario administrativo posterior para que realice acciones de administrador en el dispositivo. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0025",
"lastModified": "2024-11-21T04:16:04.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.837",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "Juniper ATP se distribuye con credenciales embebidas en la instancia de Cyphort Core, que otorga a un atacante la capacidad de tomar el control total de cualquier instalaci\u00f3n del software. Las versiones afectadas son Juniper Networks Junos ATP: versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0022",
"lastModified": "2024-11-21T04:16:04.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.683",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-15 21:29
Modified
2024-11-21 04:16
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10918 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B5A612-9ACC-4A7F-A34F-47B1BDA85A03",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A96949A-031D-4E05-8915-1A6D6BE645E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D8A7A3-2DFB-4752-8509-451247A1D5D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting persistente en el men\u00fa de Email Collectors de Juniper ATP podr\u00eda permitir que un usuario autenticado inyecte scripts arbitrarios y robe datos sensibles y credenciales de una sesi\u00f3n de administraci\u00f3n web, enga\u00f1ando posiblemente a un usuario administrativo posterior para que realice acciones de administrador en el dispositivo. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.3."
}
],
"id": "CVE-2019-0024",
"lastModified": "2024-11-21T04:16:04.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.790",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10918"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}