cnvd - cnvd-2019-41474

CNVD-2019-41474

Vulnerability from cnvd - Published: 2019-11-19

Title

Juniper Networks Junos OS授权问题漏洞（CNVD-2019-41474）

Description

Juniper Networks Junos OS是美国瞻博网络（Juniper Networks）公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS中存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。攻击者可利用该漏洞使用社交工程技术修复和劫持J-Web管理员Web会话，并有可能获得对该设备的管理访问权限。

Severity

中

Patch Name

Juniper Networks Junos OS授权问题漏洞（CNVD-2019-41474）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10961&actp=METADATA

Reference

https://kb.juniper.net/JSA10961

Impacted products

Name
['Juniper Networks Juniper Networks Junos OS 12.3', 'Juniper Networks Juniper Networks Junos OS 15.1', 'Juniper Networks Juniper Networks Junos OS 16.2', 'Juniper Networks Juniper Networks Junos OS 17.1', 'Juniper Networks Juniper Networks Junos OS 17.2', 'Juniper Networks Juniper Networks Junos OS 17.3', 'Juniper Networks Juniper Networks Junos OS 17.4', 'Juniper Networks Juniper Networks Junos OS 18.1', 'Juniper Networks Juniper Networks Junos OS 18.2', 'Juniper Networks Juniper Networks Junos OS 18.3', 'Juniper Networks Juniper Networks Junos OS 18.4', 'Juniper Networks Juniper Networks Junos OS 16.1', 'Juniper Networks Juniper Networks Junos OS X48', 'Juniper Networks Juniper Networks Junos OS X53', 'Juniper Networks Juniper Networks Junos OS X49', 'Juniper Networks Juniper Networks Junos OS 19.1']

Name

['Juniper Networks Juniper Networks Junos OS 12.3', 'Juniper Networks Juniper Networks Junos OS 15.1', 'Juniper Networks Juniper Networks Junos OS 16.2', 'Juniper Networks Juniper Networks Junos OS 17.1', 'Juniper Networks Juniper Networks Junos OS 17.2', 'Juniper Networks Juniper Networks Junos OS 17.3', 'Juniper Networks Juniper Networks Junos OS 17.4', 'Juniper Networks Juniper Networks Junos OS 18.1', 'Juniper Networks Juniper Networks Junos OS 18.2', 'Juniper Networks Juniper Networks Junos OS 18.3', 'Juniper Networks Juniper Networks Junos OS 18.4', 'Juniper Networks Juniper Networks Junos OS 16.1', 'Juniper Networks Juniper Networks Junos OS X48', 'Juniper Networks Juniper Networks Junos OS X53', 'Juniper Networks Juniper Networks Junos OS X49', 'Juniper Networks Juniper Networks Junos OS 19.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-0062",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-0062"
    }
  },
  "description": "Juniper Networks Junos OS\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u8bbe\u5907\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5b89\u5168\u7f16\u7a0b\u63a5\u53e3\u548cJunos SDK\u3002\n\nJuniper Networks Junos OS\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u793e\u4ea4\u5de5\u7a0b\u6280\u672f\u4fee\u590d\u548c\u52ab\u6301J-Web\u7ba1\u7406\u5458Web\u4f1a\u8bdd\uff0c\u5e76\u6709\u53ef\u80fd\u83b7\u5f97\u5bf9\u8be5\u8bbe\u5907\u7684\u7ba1\u7406\u8bbf\u95ee\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10961\u0026actp=METADATA",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41474",
  "openTime": "2019-11-19",
  "patchDescription": "Juniper Networks Junos OS\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u8bbe\u5907\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5b89\u5168\u7f16\u7a0b\u63a5\u53e3\u548cJunos SDK\u3002\r\n\r\nJuniper Networks Junos OS\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u793e\u4ea4\u5de5\u7a0b\u6280\u672f\u4fee\u590d\u548c\u52ab\u6301J-Web\u7ba1\u7406\u5458Web\u4f1a\u8bdd\uff0c\u5e76\u6709\u53ef\u80fd\u83b7\u5f97\u5bf9\u8be5\u8bbe\u5907\u7684\u7ba1\u7406\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Networks Junos OS\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2019-41474\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks Juniper Networks Junos OS 12.3",
      "Juniper Networks Juniper Networks Junos OS 15.1",
      "Juniper Networks Juniper Networks Junos OS 16.2",
      "Juniper Networks Juniper Networks Junos OS 17.1",
      "Juniper Networks Juniper Networks Junos OS 17.2",
      "Juniper Networks Juniper Networks Junos OS 17.3",
      "Juniper Networks Juniper Networks Junos OS 17.4",
      "Juniper Networks Juniper Networks Junos OS 18.1",
      "Juniper Networks Juniper Networks Junos OS 18.2",
      "Juniper Networks Juniper Networks Junos OS 18.3",
      "Juniper Networks Juniper Networks Junos OS 18.4",
      "Juniper Networks Juniper Networks Junos OS 16.1",
      "Juniper Networks Juniper Networks Junos OS X48",
      "Juniper Networks Juniper Networks Junos OS X53",
      "Juniper Networks Juniper Networks Junos OS X49",
      "Juniper Networks Juniper Networks Junos OS 19.1"
    ]
  },
  "referenceLink": "https://kb.juniper.net/JSA10961",
  "serverity": "\u4e2d",
  "submitTime": "2019-11-14",
  "title": "Juniper Networks Junos OS\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2019-41474\uff09"
}

CVE-2019-0062 (GCVE-0-2019-0062)

Vulnerability from cvelistv5 – Published: 2019-10-09 19:26 – Updated: 2024-09-16 22:50

Summary

A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-384 - Session Fixation

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA10961

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Juniper Networks

Junos OS

Affected: 12.3 , < 12.3R12-S15 (custom)

	Juniper Networks	Junos OS	Affected: 12.3X48 , < 12.3X48-D85 (custom) Affected: 15.1X49 , < 15.1X49-D180 (custom)
	Juniper Networks	Junos OS	Affected: 14.1X53 , < 14.1X53-D51 (custom) Affected: 15.1 , < 15.1F6-S13, 15.1R7-S5 (custom) Affected: 15.1X53 , < 15.1X53-D238 (custom) Affected: 16.1 , < 16.1R4-S13, 16.1R7-S5 (custom) Affected: 16.2 , < 16.2R2-S10 (custom) Affected: 17.1 , < 17.1R3-S1 (custom) Affected: 17.2 , < 17.2R2-S8, 17.2R3-S3 (custom) Affected: 17.3 , < 17.3R3-S5 (custom) Affected: 17.4 , < 17.4R2-S8, 17.4R3 (custom) Affected: 18.1 , < 18.1R3-S8 (custom) Affected: 18.2 , < 18.2R3 (custom) Affected: 18.3 , < 18.3R3 (custom) Affected: 18.4 , < 18.4R2 (custom) Affected: 19.1 , < 19.1R1-S2, 19.1R2 (custom)

Credits

Farid Heydari

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:37:07.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10961"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "EX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "12.3R12-S15",
              "status": "affected",
              "version": "12.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "12.3X48-D85",
              "status": "affected",
              "version": "12.3X48",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X49-D180",
              "status": "affected",
              "version": "15.1X49",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "14.1X53-D51",
              "status": "affected",
              "version": "14.1X53",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1F6-S13, 15.1R7-S5",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X53-D238",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R4-S13, 16.1R7-S5",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.2R2-S10",
              "status": "affected",
              "version": "16.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1R3-S1",
              "status": "affected",
              "version": "17.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2R2-S8, 17.2R3-S3",
              "status": "affected",
              "version": "17.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R3-S5",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R2-S8, 17.4R3",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R3-S8",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R3",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R3",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R2",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R1-S2, 19.1R2",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n  system services web-management http\n  system services web-management https"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Farid Heydari"
        }
      ],
      "datePublic": "2019-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "CWE-384 Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T19:26:17",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10961"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15*, 12.3X48-D85, 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X49-D180, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S5, 17.4R2-S8, 17.4R3*, 18.1R3-S8*, 18.2R3, 18.3R3, 18.4R2, 19.1R1-S2, 19.1R2, 19.2R1, and all subsequent releases.\n*pending publication"
        }
      ],
      "source": {
        "advisory": "JSA10961",
        "defect": [
          "1410401"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Junos OS: Session fixation vulnerability in J-Web",
      "workarounds": [
        {
          "lang": "en",
          "value": "Use access control lists or firewall filters to limit access to Junos J-Web interface to only trusted users and networks to reduce risks of exploitation of this vulnerability.\n\nUsing common BCPs of safe web browsing such as not clicking on links in email or other media would reduce risks of exploitation of this vulnerability.\n\nDisabling J-Web would completely prevent any exploitation of this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2019-10-09T16:00:00.000Z",
          "ID": "CVE-2019-0062",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: Session fixation vulnerability in J-Web"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "EX Series",
                            "version_affected": "\u003c",
                            "version_name": "12.3",
                            "version_value": "12.3R12-S15"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "12.3X48",
                            "version_value": "12.3X48-D85"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "14.1X53",
                            "version_value": "14.1X53-D51"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1F6-S13, 15.1R7-S5"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "15.1X49",
                            "version_value": "15.1X49-D180"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D238"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R4-S13, 16.1R7-S5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.2",
                            "version_value": "16.2R2-S10"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.1",
                            "version_value": "17.1R3-S1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.2",
                            "version_value": "17.2R2-S8, 17.2R3-S3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3-S5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R2-S8, 17.4R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R1-S2, 19.1R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n  system services web-management http\n  system services web-management https"
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "Farid Heydari"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-384 Session Fixation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10961",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10961"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15*, 12.3X48-D85, 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X49-D180, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S5, 17.4R2-S8, 17.4R3*, 18.1R3-S8*, 18.2R3, 18.3R3, 18.4R2, 19.1R1-S2, 19.1R2, 19.2R1, and all subsequent releases.\n*pending publication"
          }
        ],
        "source": {
          "advisory": "JSA10961",
          "defect": [
            "1410401"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Use access control lists or firewall filters to limit access to Junos J-Web interface to only trusted users and networks to reduce risks of exploitation of this vulnerability.\n\nUsing common BCPs of safe web browsing such as not clicking on links in email or other media would reduce risks of exploitation of this vulnerability.\n\nDisabling J-Web would completely prevent any exploitation of this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2019-0062",
    "datePublished": "2019-10-09T19:26:17.658174Z",
    "dateReserved": "2018-10-11T00:00:00",
    "dateUpdated": "2024-09-16T22:50:43.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-41474

CVE-2019-0062 (GCVE-0-2019-0062)

Tags

Sightings

Nomenclature