admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-10 21:00:46 +00:00
parent 4c2e51013f
commit 263b154a58
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
34 changed files with 3325 additions and 2647 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2018/19xxx/CVE-2018-19453.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19453",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.hivint.com/advisory-upload-malicious-file-in-kentico-cms-cve-2018-19453-36debbf85216",
"refsource": "MISC",
"name": "https://blog.hivint.com/advisory-upload-malicious-file-in-kentico-cms-cve-2018-19453-36debbf85216"
}
]
}

5
2018/20xxx/CVE-2018-20244.json
View File

@ -62,6 +62,11 @@
"refsource": "MLIST",
"name": "[airflow-dev] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component",
"url": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component",
"url": "http://www.openwall.com/lists/oss-security/2019/04/10/6"
}
]
}

2
2019/0xxx/CVE-2019-0008.json
View File

@ -92,7 +92,7 @@
"description_data": [
{
"lang": "eng",
"value": "A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution.\nAffected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are:\n14.1X53;\n15.1X53 versions prior to 15.1X53-D235;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R3;\n17.3 versions prior to 17.3R3-S2, 17.3R4;\n17.4 versions prior to 17.4R2-S1, 17.4R3;\n18.1 versions prior to 18.1R3-S1, 18.1R4;\n18.2 versions prior to 18.2R2;\n18.2X75 versions prior to 18.2X75-D30;\n18.3 versions prior to 18.3R2."
"value": "A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2."
}
]
},

336
2019/0xxx/CVE-2019-0019.json
View File

@ -1,171 +1,171 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0019",
"STATE": "PUBLIC",
"TITLE": "BGP packets can trigger rpd crash when BGP tracing is enabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S4, 16.1R7-S5"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9, 16.2R3"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3, 17.3R3-S4, 17.3R4"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S4, 18.1R4"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S2, 18.2R2-S3, 18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S3, 18.3R2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S2, 18.4R2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "16.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue requires BGP tracing to be enabled."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition.\nAffected releases are Juniper Networks Junos OS:\n16.1 versions prior to 16.1R7-S4, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S9, 16.2R3;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R3-S1;\n17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4;\n17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4;\n18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S3, 18.3R2;\n18.4 versions prior to 18.4R1-S2, 18.4R2.\n\nThis issue does not affect Junos releases prior to 16.1R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0019",
"STATE": "PUBLIC",
"TITLE": "BGP packets can trigger rpd crash when BGP tracing is enabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S4, 16.1R7-S5"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9, 16.2R3"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3, 17.3R3-S4, 17.3R4"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S4, 18.1R4"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S2, 18.2R2-S3, 18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S3, 18.3R2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S2, 18.4R2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "16.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10931",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10931"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 16.2R3, 17.1R3, 17.2R3-S1, 17.3R3-S3, 17.3R3-S4, 17.3R4, 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3, 18.1R2-S4, 18.1R3-S4, 18.1R4, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D40, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10931",
"defect": [
"1399141"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "The issue can be mitigated by disabling BGP tracing.\n\nUse authentication for BGP (tcp-md5, ipsec, etc.) to mitigate the issue."
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue requires BGP tracing to be enabled."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4; 18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect Junos releases prior to 16.1R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10931",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10931"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 16.2R3, 17.1R3, 17.2R3-S1, 17.3R3-S3, 17.3R3-S4, 17.3R4, 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3, 18.1R2-S4, 18.1R3-S4, 18.1R4, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D40, 18.3R1-S3, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10931",
"defect": [
"1399141"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "The issue can be mitigated by disabling BGP tracing.\n\nUse authentication for BGP (tcp-md5, ipsec, etc.) to mitigate the issue."
}
]
}

302
2019/0xxx/CVE-2019-0028.json
View File

@ -1,154 +1,154 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0028",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD process crashes due to specific BGP peer restarts condition."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D48"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S7, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S7, 17.2R3"
},
{
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D92,17.2X75-D102, 17.2X75-D110"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S2, 17.3R3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S4, 17.4R2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2"
},
{
"version_affected": "!<",
"version_value": "16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly crash the RPD process causing prolonged denial of service (DoS). \nGraceful restart helper mode for BGP is enabled by default.\nNo other Juniper Networks products or platforms are affected by this issue.\n\n\n\nAffected releases are Juniper Networks Junos OS:\n16.1 versions prior to 16.1R7;\n16.1X65 versions prior to 16.1X65-D48;\n16.2 versions prior to 16.2R2-S8;\n17.1 versions prior to 17.1R2-S7, 17.1R3;\n17.2 versions prior to 17.2R1-S7, 17.2R3;\n17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110;\n17.3 versions prior to 17.3R2-S2, 17.3R3;\n17.4 versions prior to 17.4R1-S4, 17.4R2;\n18.1 versions prior to 18.1R2.\n\nJunos OS releases prior to 16.1R1 are not affected."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0028",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD process crashes due to specific BGP peer restarts condition."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D48"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S7, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S7, 17.2R3"
},
{
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D92,17.2X75-D102, 17.2X75-D110"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S2, 17.3R3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S4, 17.4R2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2"
},
{
"version_affected": "!<",
"version_value": "16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10932",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10932"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7, 16.1X65-D48, 16.2R2-S8, 17.1R2-S7, 17.1R3, 17.2R1-S7, 17.2R3, 17.2X75-D102, 17.2X75-D110, 17.2X75-D92, 17.3R2-S2, 17.3R3, 17.4R1-S4, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10932",
"defect": [
"1325157"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "This issue can be prevented by disabling the BGP graceful restart mechanism, including graceful restart helper mode:\n [protocols bgp graceful-restart disable]\nFurthermore, the risk associated with this issue can be mitigated by limiting BGP sessions only from trusted peers."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly crash the RPD process causing prolonged denial of service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R2. Junos OS releases prior to 16.1R1 are not affected."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10932",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10932"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7, 16.1X65-D48, 16.2R2-S8, 17.1R2-S7, 17.1R3, 17.2R1-S7, 17.2R3, 17.2X75-D102, 17.2X75-D110, 17.2X75-D92, 17.3R2-S2, 17.3R3, 17.4R1-S4, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10932",
"defect": [
"1325157"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "This issue can be prevented by disabling the BGP graceful restart mechanism, including graceful restart helper mode:\n [protocols bgp graceful-restart disable]\nFurthermore, the risk associated with this issue can be mitigated by limiting BGP sessions only from trusted peers."
}
]
}

224
2019/0xxx/CVE-2019-0031.json
View File

@ -1,115 +1,115 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0031",
"STATE": "PUBLIC",
"TITLE": "Junos OS: jdhcpd daemon memory consumption Denial of Service when receiving specific IPv6 DHCP packets."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client.\nAffected releases are Juniper Networks Junos OS:\n17.4 versions prior to 17.4R2;\n18.1 versions prior to 18.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0031",
"STATE": "PUBLIC",
"TITLE": "Junos OS: jdhcpd daemon memory consumption Denial of Service when receiving specific IPv6 DHCP packets."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10920",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10920"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R2, 18.1R2, 18.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10920",
"defect": [
"1333381"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Customers may discontinue processing or serving DHCPv6 address assignments until such time that fixes can be taken. \nThis workaround is helpful for large IPv4 environments with fewer or considered less important IPv6 clients.\n"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client. Affected releases are Juniper Networks Junos OS: 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10920",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10920"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R2, 18.1R2, 18.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10920",
"defect": [
"1333381"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Customers may discontinue processing or serving DHCPv6 address assignments until such time that fixes can be taken. \nThis workaround is helpful for large IPv4 environments with fewer or considered less important IPv6 clients.\n"
}
]
}

260
2019/0xxx/CVE-2019-0032.json
View File

@ -1,133 +1,133 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0032",
"STATE": "PUBLIC",
"TITLE": "Junos Space Service Now and Service Insight: Organization username and password stored in plaintext in log files."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Insight",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "15.1R1"
},
{
"version_affected": "<",
"version_value": "18.1R1"
}
]
}
},
{
"product_name": "Service Now",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "15.1R1"
},
{
"version_affected": "<",
"version_value": "18.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password management issue exists where the Organization authentication username and password were stored in plaintext in log files.\nA locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization.\nAffected products are:\n\nJuniper Networks Service Insight versions from 15.1R1, prior to 18.1R1.\n\nService Now versions from 15.1R1, prior to 18.1R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256 Unprotected Storage of Credentials"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0032",
"STATE": "PUBLIC",
"TITLE": "Junos Space Service Now and Service Insight: Organization username and password stored in plaintext in log files."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Insight",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "15.1R1"
},
{
"version_affected": "<",
"version_value": "18.1R1"
}
]
}
},
{
"product_name": "Service Now",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "15.1R1"
},
{
"version_affected": "<",
"version_value": "18.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10921",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10921"
},
{
"name": "https://kb.juniper.net/KB27572",
"refsource": "MISC",
"url": "https://kb.juniper.net/KB27572"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following Junos Space Service Now and Service Insight releases have been updated to resolve this specific issue:\n18.1R1, and all subsequent releases. \nThese releases of Service Now and Service Insight require at least version 18.4R1 of Junos Space.\n\nNo action is needed to resolve this issue other than upgrading.\n\nExisting log files will roll over as more actions are logged.\n\nTo clear log files manually, login to the server as admin and issue the following commands: \n [root@space ~]# cd /var/log/jboss/servers/server1/\n [root@space server1]#\n [root@space server1]# ls serviceNow.log*\nShould result in output similar to:\n serviceNow.log serviceNow.log.10 serviceNow.log.12 serviceNow.log.14 serviceNow.log.2 serviceNow.log.4 serviceNow.log.6 serviceNow.log.8 serviceNow.log.1 serviceNow.log.11 serviceNow.log.13 serviceNow.log.15 serviceNow.log.3 serviceNow.log.5 serviceNow.log.7 serviceNow.log.9\nNext,\n [root@space server1]# >> serviceNow.log\n [root@space server1]# rm serviceNow.log.*\n \nIf you wish to change the Organization password as a result of this advisory, you must contact JTAC for assistance to properly update the Organization.\n\n"
}
],
"source": {
"advisory": "JSA10921",
"defect": [
"1390749"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no workarounds for this issue.\nTo reduce the risk of exploitation of this issue use access lists or firewall filters to limit access to the device(s) via all means to only trusted administrative networks, hosts and users. "
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256 Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10921",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10921"
},
{
"name": "https://kb.juniper.net/KB27572",
"refsource": "MISC",
"url": "https://kb.juniper.net/KB27572"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following Junos Space Service Now and Service Insight releases have been updated to resolve this specific issue:\n18.1R1, and all subsequent releases. \nThese releases of Service Now and Service Insight require at least version 18.4R1 of Junos Space.\n\nNo action is needed to resolve this issue other than upgrading.\n\nExisting log files will roll over as more actions are logged.\n\nTo clear log files manually, login to the server as admin and issue the following commands: \n [root@space ~]# cd /var/log/jboss/servers/server1/\n [root@space server1]#\n [root@space server1]# ls serviceNow.log*\nShould result in output similar to:\n serviceNow.log serviceNow.log.10 serviceNow.log.12 serviceNow.log.14 serviceNow.log.2 serviceNow.log.4 serviceNow.log.6 serviceNow.log.8 serviceNow.log.1 serviceNow.log.11 serviceNow.log.13 serviceNow.log.15 serviceNow.log.3 serviceNow.log.5 serviceNow.log.7 serviceNow.log.9\nNext,\n [root@space server1]# >> serviceNow.log\n [root@space server1]# rm serviceNow.log.*\n \nIf you wish to change the Organization password as a result of this advisory, you must contact JTAC for assistance to properly update the Organization.\n\n"
}
],
"source": {
"advisory": "JSA10921",
"defect": [
"1390749"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no workarounds for this issue.\nTo reduce the risk of exploitation of this issue use access lists or firewall filters to limit access to the device(s) via all means to only trusted administrative networks, hosts and users. "
}
]
}

264
2019/0xxx/CVE-2019-0033.json
View File

@ -1,135 +1,135 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0033",
"STATE": "PUBLIC",
"TITLE": "SRX Series: A remote attacker may cause a high CPU Denial of Service to the device when proxy ARP is configured."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": ">=",
"version_name": "12.1X46",
"version_value": "12.1X46-D25"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D71, 12.1X46-D73"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D50"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D75"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "An example configuration snippet is below: \n root@device# show security nat proxy-arp \n interface ge-0/0/0.0 { \n address { \n 2.2.2.5/32; \n } \n } "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS).\nThis issue affects only IPv4.\nAffected releases are Juniper Networks Junos OS:\n12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series;\n12.3X48 versions prior to 12.3X48-D50 on SRX Series;\n15.1X49 versions prior to 15.1X49-D75 on SRX Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0033",
"STATE": "PUBLIC",
"TITLE": "SRX Series: A remote attacker may cause a high CPU Denial of Service to the device when proxy ARP is configured."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": ">=",
"version_name": "12.1X46",
"version_value": "12.1X46-D25"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D71, 12.1X46-D73"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D50"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D75"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10922",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10922"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.1X46-D73, 12.3X48-D50, 15.1X49-D75, 17.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10922",
"defect": [
"1208910"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Discontinue use of proxy ARP.\nAn example configuration snippet is below:\n deactivate security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32\n(or)\n delete security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32 \n \nThere are no other viable workarounds for this issue.\n"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "An example configuration snippet is below: \n root@device# show security nat proxy-arp \n interface ge-0/0/0.0 { \n address { \n 2.2.2.5/32; \n } \n } "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10922",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10922"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D71, 12.1X46-D73, 12.3X48-D50, 15.1X49-D75, 17.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10922",
"defect": [
"1208910"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Discontinue use of proxy ARP.\nAn example configuration snippet is below:\n deactivate security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32\n(or)\n delete security nat proxy-arp interface ge-0/0/0.0 address 2.2.2.5/32 \n \nThere are no other viable workarounds for this issue.\n"
}
]
}

346
2019/0xxx/CVE-2019-0034.json
View File

@ -1,176 +1,176 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0034",
"STATE": "PUBLIC",
"TITLE": "Junos OS: gRPC hardcoded credentials may allow unauthorized access to systems with Junos Network Agent installed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R7-S4"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S3"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S5, 18.2R2-S1"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2, 18.3R1-S3"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "16.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Devices with Network Agent installed will match the following software version output:\n\n user@junos> show version | grep na\\ telemetry\n JUNOS na telemetry [17.3R3-S3.3] \n\ngRPC is enabled by the following command:\n\n user@junos# set system services extension-service request-response grpc\n\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface supports Google gRPC remote procedure calls to provision sensors and to subscribe to and receive telemetry data.\n\nConfiguration files used by gRPC were found to contain hardcoded credentials that could be used by the Junos Network Agent to perform unauthorized read of certain non-critical information (e.g. sensor data). Additionally, APIs exposed via the Juniper Extension Toolkit (JET) may be able to perform non-critical 'set' operations on the device. These APIs need the client to be authenticated for which the username/password can be used.\n\nSuccessful exploitation of this vulnerability can only occur if the Junos Network Agent package (Junos Telemetry Interface) is installed on the device. If the Junos Network \nAgent is not installed, then the gRPC interface required to leverage these credentials is unavailable and the system is not vulnerable to this issue.\n\nAffected releases are Juniper Networks Junos OS:\n16.1 versions prior to 16.1R3-S10, 16.1R7-S4;\n17.1 versions prior to 17.1R2-S10, 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R1-S6, 17.4R2-S3;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S3;\n18.2 versions prior to 18.2R1-S5, 18.2R2-S1;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S2, 18.3R1-S3.\n\nThis issue does not affect Junos OS releases prior to 16.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0034",
"STATE": "PUBLIC",
"TITLE": "Junos OS: gRPC hardcoded credentials may allow unauthorized access to systems with Junos Network Agent installed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R7-S4"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S3"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S5, 18.2R2-S1"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2, 18.3R1-S3"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "16.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10923",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10923"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/task/installation/network-agent-installing.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/task/installation/network-agent-installing.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/grpc-junos-telemetry-interface-configuring.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/grpc-junos-telemetry-interface-configuring.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-telemetry-interface-oveview.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-telemetry-interface-oveview.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 16.1R3-S10, 16.1R7-S4, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S3, 17.4R1-S6, 17.4R2-S3, 18.1R2-S4, 18.1R3-S3, 18.2R1-S5, 18.2R2-S1, 18.2X75-D40, 18.3R1-S2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10923",
"defect": [
"1394927"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Disable the gRPC service via the following command if it is not needed in your environment:\n\n delete system services extension-service request-response grpc \n\nIn addition to the recommendation listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Devices with Network Agent installed will match the following software version output:\n\n user@junos> show version | grep na\\ telemetry\n JUNOS na telemetry [17.3R3-S3.3] \n\ngRPC is enabled by the following command:\n\n user@junos# set system services extension-service request-response grpc\n\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Starting with Junos OS Release 16.1R3, the Junos Telemetry Interface supports Google gRPC remote procedure calls to provision sensors and to subscribe to and receive telemetry data. Configuration files used by gRPC were found to contain hardcoded credentials that could be used by the Junos Network Agent to perform unauthorized read of certain non-critical information (e.g. sensor data). Additionally, APIs exposed via the Juniper Extension Toolkit (JET) may be able to perform non-critical 'set' operations on the device. These APIs need the client to be authenticated for which the username/password can be used. Successful exploitation of this vulnerability can only occur if the Junos Network Agent package (Junos Telemetry Interface) is installed on the device. If the Junos Network Agent is not installed, then the gRPC interface required to leverage these credentials is unavailable and the system is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R1-S3. This issue does not affect Junos OS releases prior to 16.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10923",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10923"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/task/installation/network-agent-installing.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/task/installation/network-agent-installing.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/grpc-junos-telemetry-interface-configuring.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/grpc-junos-telemetry-interface-configuring.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-telemetry-interface-oveview.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-telemetry-interface-oveview.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 16.1R3-S10, 16.1R7-S4, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S3, 17.4R1-S6, 17.4R2-S3, 18.1R2-S4, 18.1R3-S3, 18.2R1-S5, 18.2R2-S1, 18.2X75-D40, 18.3R1-S2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10923",
"defect": [
"1394927"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Disable the gRPC service via the following command if it is not needed in your environment:\n\n delete system services extension-service request-response grpc \n\nIn addition to the recommendation listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."
}
]
}

366
2019/0xxx/CVE-2019-0035.json
View File

@ -1,186 +1,186 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0035",
"STATE": "PUBLIC",
"TITLE": "Junos OS: 'set system ports console insecure' allows root password recovery on OAM volumes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S3"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D496, 15.1X53-D68"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R6-S6, 16.1R7-S3"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D49"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S3"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Administrators can disable root login connections to the console, and if running a fixed release, restrict single-user mode password recovery via the following configuration command:\n\n user@host# set system ports console insecure"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When \"set system ports console insecure\" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using \"set system root-authentication plain-text-password\" on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short.\n\nPassword recovery, changing the root password from a console, should not have been allowed from an insecure console.\nAffected releases are Juniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S12, 15.1R7-S3;\n15.1X49 versions prior to 15.1X49-D160;\n15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D68;\n16.1 versions prior to 16.1R3-S10, 16.1R6-S6, 16.1R7-S3;\n16.1X65 versions prior to 16.1X65-D49;\n16.2 versions prior to 16.2R2-S8;\n17.1 versions prior to 17.1R2-S10, 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R1-S6, 17.4R2-S2;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S3;\n18.2 versions prior to 18.2R2;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S2.\n\nThis issue does not affect Junos OS releases prior to 15.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-501 Trust Boundary Violation"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0035",
"STATE": "PUBLIC",
"TITLE": "Junos OS: 'set system ports console insecure' allows root password recovery on OAM volumes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S3"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D496, 15.1X53-D68"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R6-S6, 16.1R7-S3"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D49"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S3"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10924",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10924"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1F6-S12, 15.1R7-S3, 15.1X49-D160, 15.1X53-D236, 15.1X53-D496, 15.1X53-D68, 16.1R3-S10, 16.1R6-S6, 16.1R7-S3, 16.1X65-D49, 16.2R2-S8, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S3, 17.4R1-S6, 17.4R2-S2, 18.1R2-S4, 18.1R3-S3, 18.2R2, 18.2X75-D40, 18.3R1-S2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10924",
"defect": [
"1368998"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Limit physical access to the recovery console to only trusted administrators."
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Administrators can disable root login connections to the console, and if running a fixed release, restrict single-user mode password recovery via the following configuration command:\n\n user@host# set system ports console insecure"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When \"set system ports console insecure\" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using \"set system root-authentication plain-text-password\" on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-501 Trust Boundary Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10924",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10924"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1F6-S12, 15.1R7-S3, 15.1X49-D160, 15.1X53-D236, 15.1X53-D496, 15.1X53-D68, 16.1R3-S10, 16.1R6-S6, 16.1R7-S3, 16.1X65-D49, 16.2R2-S8, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S3, 17.4R1-S6, 17.4R2-S2, 18.1R2-S4, 18.1R3-S3, 18.2R2, 18.2X75-D40, 18.3R1-S2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10924",
"defect": [
"1368998"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Limit physical access to the recovery console to only trusted administrators."
}
]
}

396
2019/0xxx/CVE-2019-0036.json
View File

@ -1,201 +1,201 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0036",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Firewall filter terms named \"internal-1\" and \"internal-2\" being ignored"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D130, 14.1X53-D49"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S4"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D161, 15.1X49-D170"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D496, 15.1X53-D69"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S4, 16.1R7-S5"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S4"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S7, 17.4R2-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S4"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S5, 18.2R2-S1"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S1, 18.4R1-S2"
},
{
"version_affected": "=",
"version_name": "12.1X46",
"version_value": "12.1X46"
},
{
"version_affected": "=",
"version_name": "12.3X48",
"version_value": "12.3X48"
},
{
"version_affected": "=",
"version_name": "12.3",
"version_value": "12.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Sample configuration:\n\n term internal-1 {\n from {\n source-address {\n 157.249.32.21/32;\n }\n destination-address {\n 157.249.197.64/30;\n }\n protocol udp;\n destination-port 123;\n }\n then {\n count scan-ad-internal-1;\n accept;\n }\n }\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When configuring a stateless firewall filter in Junos OS, terms named using the format \"internal-n\" (e.g. \"internal-1\", \"internal-2\", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results.\n\nAffected releases are Juniper Networks Junos OS:\nAll versions prior to and including 12.3;\n14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49;\n15.1 versions prior to 15.1F6-S12, 15.1R7-S4;\n15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170;\n15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69;\n16.1 versions prior to 16.1R7-S4, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S4;\n17.4 versions prior to 17.4R1-S7, 17.4R2-S3;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S4;\n18.2 versions prior to 18.2R1-S5, 18.2R2-S1;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S3;\n18.4 versions prior to 18.4R1-S1, 18.4R1-S2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0036",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Firewall filter terms named \"internal-1\" and \"internal-2\" being ignored"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D130, 14.1X53-D49"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S4"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D161, 15.1X49-D170"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D496, 15.1X53-D69"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S4, 16.1R7-S5"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S4"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S7, 17.4R2-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S4"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S5, 18.2R2-S1"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S1, 18.4R1-S2"
},
{
"version_affected": "=",
"version_name": "12.1X46",
"version_value": "12.1X46"
},
{
"version_affected": "=",
"version_name": "12.3X48",
"version_value": "12.3X48"
},
{
"version_affected": "=",
"version_name": "12.3",
"version_value": "12.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10925",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10925"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 14.1X53-D130, 14.1X53-D49, 15.1F6-S12, 15.1R7-S4, 15.1X49-D161, 15.1X49-D170, 15.1X53-D236, 15.1X53-D496, 15.1X53-D69, 16.1R7-S4, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S4, 17.4R1-S7, 17.4R2-S3, 18.1R2-S4, 18.1R3-S4, 18.2R1-S5, 18.2R2-S1, 18.2X75-D40, 18.3R1-S3, 18.4R1-S1, 19.1R1, and all subsequent releases.\n\nNote: Fixes are not available for Junos OS 12.1X46, 12.3X48, or 12.3R12 due to the high risk of making changes to earlier releases, and the easily implemented available workaround."
}
],
"source": {
"advisory": "JSA10925",
"defect": [
"1394922"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Avoid configuring firewall filter names of the format: internal-n."
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Sample configuration:\n\n term internal-1 {\n from {\n source-address {\n 157.249.32.21/32;\n }\n destination-address {\n 157.249.197.64/30;\n }\n protocol udp;\n destination-port 123;\n }\n then {\n count scan-ad-internal-1;\n accept;\n }\n }\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When configuring a stateless firewall filter in Junos OS, terms named using the format \"internal-n\" (e.g. \"internal-1\", \"internal-2\", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3; 18.4 versions prior to 18.4R1-S1, 18.4R1-S2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10925",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10925"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 14.1X53-D130, 14.1X53-D49, 15.1F6-S12, 15.1R7-S4, 15.1X49-D161, 15.1X49-D170, 15.1X53-D236, 15.1X53-D496, 15.1X53-D69, 16.1R7-S4, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S4, 17.4R1-S7, 17.4R2-S3, 18.1R2-S4, 18.1R3-S4, 18.2R1-S5, 18.2R2-S1, 18.2X75-D40, 18.3R1-S3, 18.4R1-S1, 19.1R1, and all subsequent releases.\n\nNote: Fixes are not available for Junos OS 12.1X46, 12.3X48, or 12.3R12 due to the high risk of making changes to earlier releases, and the easily implemented available workaround."
}
],
"source": {
"advisory": "JSA10925",
"defect": [
"1394922"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Avoid configuring firewall filter names of the format: internal-n."
}
]
}

356
2019/0xxx/CVE-2019-0037.json
View File

@ -1,181 +1,181 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0037",
"STATE": "PUBLIC",
"TITLE": "Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S3"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D171, 15.1X49-D180"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D496"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R7-S4"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S2"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D30"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Sample configuration:\n\n user@host# edit system services dhcp-local-server dhcpv6\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients.\nAffected releases are Juniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S12, 15.1R7-S3;\n15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180;\n15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496;\n16.1 versions prior to 16.1R3-S10, 16.1R7-S4;\n16.2 versions prior to 16.2R2-S8;\n17.1 versions prior to 17.1R2-S10, 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R1-S6, 17.4R2-S3;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S2;\n18.2 versions prior to 18.2R2;\n18.2X75 versions prior to 18.2X75-D30;\n18.3 versions prior to 18.3R1-S2.\n\nThis issue does not affect Junos OS releases prior to 15.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0037",
"STATE": "PUBLIC",
"TITLE": "Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S3"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D171, 15.1X49-D180"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D496"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R7-S4"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S2"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D30"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10926",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10926"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1F6-S12, 15.1R7-S3, 15.1X49-D171, 15.1X49-D180, 15.1X53-D236, 15.1X53-D496, 16.1R3-S10, 16.1R7-S4, 16.2R2-S8, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S3, 17.4R1-S6, 17.4R2-S3, 18.1R2-S4, 18.1R3-S2, 18.2R2, 18.2X75-D30, 18.3R1-S2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10926",
"defect": [
"1391983"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "No known workaround exists for this issue."
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Sample configuration:\n\n user@host# edit system services dhcp-local-server dhcpv6\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10926",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10926"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1F6-S12, 15.1R7-S3, 15.1X49-D171, 15.1X49-D180, 15.1X53-D236, 15.1X53-D496, 16.1R3-S10, 16.1R7-S4, 16.2R2-S8, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S3, 17.4R1-S6, 17.4R2-S3, 18.1R2-S4, 18.1R3-S2, 18.2R2, 18.2X75-D30, 18.3R1-S2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10926",
"defect": [
"1391983"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "No known workaround exists for this issue."
}
]
}

288
2019/0xxx/CVE-2019-0038.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0038",
"STATE": "PUBLIC",
"TITLE": "SRX Series: Crafted packets destined to fxp0 management interface on SRX340/SRX345 devices can lead to DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
},
{
"platform": "SRX340/SRX345",
"version_affected": "=",
"version_name": "17.3",
"version_value": "17.3"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S3, 17.4R3"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S1"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2, 18.3R2"
},
{
"platform": "SRX340/SRX345",
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1X49"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion.\n\nThis issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability.\nAffected releases are Juniper Networks Junos OS:\n15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345;\n17.3 on SRX340/SRX345;\n17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345;\n18.1 versions prior to 18.1R3-S1 on SRX340/SRX345;\n18.2 versions prior to 18.2R2 on SRX340/SRX345;\n18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345.\n\nThis issue does not affect Junos OS releases prior to 15.1X49 on any platform."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n The following log message may be displayed when the device is in this condition:\n\n octagl_output:1093: out of buf\n octagl_output:1093: out of buf\n octagl_output:1093: out of buf\n\nAdministrators can monitor buffer space utilization by executing the command:\n\n request pfe execute target fwdd command \"show octeon fpa buffers\"\n ================ cluster1.node0 ================\n SENT: Ukern command: show octeon fpa buffers\n\n FPA 0: Avail: 23632, Errors: 0\n FPA 1: Avail: 22444, Errors: 0\n FPA 2: Avail: 0, Errors: 0\n FPA 3: Avail: 135, Errors: 0\n FPA 4: Avail: 0, Errors: 0"
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0038",
"STATE": "PUBLIC",
"TITLE": "SRX Series: Crafted packets destined to fxp0 management interface on SRX340/SRX345 devices can lead to DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
},
{
"platform": "SRX340/SRX345",
"version_affected": "=",
"version_name": "17.3",
"version_value": "17.3"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S3, 17.4R3"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S1"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"platform": "SRX340/SRX345",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2, 18.3R2"
},
{
"platform": "SRX340/SRX345",
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1X49"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10927",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10927"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X49-D160, 17.4R2-S3, 17.4R3, 18.1R3-S1, 18.2R2, 18.3R1-S2, 18.3R2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10927",
"defect": [
"1377152"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345; 17.3 on SRX340/SRX345; 17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345; 18.1 versions prior to 18.1R3-S1 on SRX340/SRX345; 18.2 versions prior to 18.2R2 on SRX340/SRX345; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345. This issue does not affect Junos OS releases prior to 15.1X49 on any platform."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n The following log message may be displayed when the device is in this condition:\n\n octagl_output:1093: out of buf\n octagl_output:1093: out of buf\n octagl_output:1093: out of buf\n\nAdministrators can monitor buffer space utilization by executing the command:\n\n request pfe\u00a0execute target fwdd\u00a0command \"show octeon\u00a0fpa\u00a0buffers\"\n ================ cluster1.node0 ================\n SENT: Ukern command: show octeon fpa buffers\n\n FPA 0: Avail: 23632, Errors: 0\n FPA 1: Avail: 22444, Errors: 0\n FPA 2: Avail: 0, Errors: 0\n FPA 3: Avail: 135, Errors: 0\n FPA 4: Avail: 0, Errors: 0"
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10927",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10927"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X49-D160, 17.4R2-S3, 17.4R3, 18.1R3-S1, 18.2R2, 18.3R1-S2, 18.3R2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10927",
"defect": [
"1377152"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

366
2019/0xxx/CVE-2019-0039.json
View File

@ -1,186 +1,186 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0039",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Login credentials are vulnerable to brute force attacks through the REST API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D49"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S3"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D49"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S7"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S2"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S1"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S5"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D30"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The REST API can be enabled using the following configuration option:\n\n system services rest http\n system services rest enable-explorer "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks.\n\nThe high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks.\nAffected releases are Juniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D49;\n15.1 versions prior to 15.1F6-S12, 15.1R7-S3;\n15.1X49 versions prior to 15.1X49-D160;\n15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69;\n16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3;\n16.1X65 versions prior to 16.1X65-D49;\n16.2 versions prior to 16.2R2-S7;\n17.1 versions prior to 17.1R2-S10, 17.1R3;\n17.2 versions prior to 17.2R1-S8, 17.2R3-S1;\n17.3 versions prior to 17.3R3-S2;\n17.4 versions prior to 17.4R1-S6, 17.4R2-S2;\n18.1 versions prior to 18.1R2-S4, 18.1R3-S1;\n18.2 versions prior to 18.2R1-S5;\n18.2X75 versions prior to 18.2X75-D30;\n18.3 versions prior to 18.3R1-S1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0039",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Login credentials are vulnerable to brute force attacks through the REST API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D49"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S3"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D49"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S7"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8, 17.2R3-S1"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S2"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S6, 17.4R2-S2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S1"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S5"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D30"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10928",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10928"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 14.1X53-D49, 15.1F6-S12, 15.1R7-S3, 15.1X49-D160, 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69, 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3, 16.1X65-D49, 16.2R2-S7, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S2, 17.4R1-S6, 17.4R2-S2, 18.1R2-S4, 18.1R3-S1, 18.2R1-S5, 18.2X75-D30, 18.3R1-S1, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10928",
"defect": [
"1289313"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Setting a connection limit on REST API may help mitigate this issue.\n set system services rest control connection-limit 100 \n\nUse access lists or firewall filters to limit API access to the device only from trusted hosts.\n"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The REST API can be enabled using the following configuration option:\n\n system services rest http\n system services rest enable-explorer "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10928",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10928"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 14.1X53-D49, 15.1F6-S12, 15.1R7-S3, 15.1X49-D160, 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69, 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3, 16.1X65-D49, 16.2R2-S7, 17.1R2-S10, 17.1R3, 17.2R1-S8, 17.2R3-S1, 17.3R3-S2, 17.4R1-S6, 17.4R2-S2, 18.1R2-S4, 18.1R3-S1, 18.2R1-S5, 18.2X75-D30, 18.3R1-S1, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10928",
"defect": [
"1289313"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Setting a connection limit on REST API may help mitigate this issue.\n set system services rest control connection-limit 100 \n\nUse access lists or firewall filters to limit API access to the device only from trusted hosts.\n"
}
]
}

310
2019/0xxx/CVE-2019-0040.json
View File

@ -1,158 +1,158 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0040",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S4"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S1"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S1, 17.4R1-S7, 17.4R2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface (e.g. fxp0) thus disclosing internal addressing and existence of the management interface itself. A high rate of crafted packets destined to port 111 may also lead to a partial Denial of Service (DoS).\n\nNote: Systems with fxp0 disabled or unconfigured are not vulnerable to this issue.\n\nThis issue only affects Junos OS releases based on FreeBSD 10 or higher (typically Junos OS 15.1+). Administrators can confirm whether systems are running a version of Junos OS based on FreeBSD 10 or higher by typing:\n\n user@junos> show version | match kernel \n JUNOS OS Kernel 64-bit [20181214.223829_fbsd-builder_stable_10]\n\nAffected releases are Juniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S12, 15.1R7-S4;\n15.1X53 versions prior to 15.1X53-D236;\n16.1 versions prior to 16.1R7-S1;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R3;\n17.2 versions prior to 17.2R1-S8;\n17.3 versions prior to 17.3R2;\n17.4 versions prior to 17.4R1-S1, 17.4R1-S7, 17.4R2.\n\nThis issue does not affect Junos OS releases prior to 15.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0040",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S4"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D236"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S1"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S8"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S1, 17.4R1-S7, 17.4R2"
},
{
"version_affected": "!<",
"version_name": "all",
"version_value": "15.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10929",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10929"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1F6-S12, 15.1R7-S4, 15.1X53-D236, 16.1R7-S1, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R3, 17.3R2, 17.4R1-S1, 17.4R1-S7, 17.4R2, 18.1R1, 18.1X75-D10, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10929",
"defect": [
"1296262"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to port 111 on the device.\n"
},
{
"lang": "eng",
"value": "Disable the management interface (fxp0) if it is not needed in a production environment.\n"
},
{
"lang": "eng",
"value": "If neither MS MICs nor MS MPCs are deployed, an additional option is to disable rpcbind via the configuration command:\n\n set system processes rpcbind-service disable\n"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface (e.g. fxp0) thus disclosing internal addressing and existence of the management interface itself. A high rate of crafted packets destined to port 111 may also lead to a partial Denial of Service (DoS). Note: Systems with fxp0 disabled or unconfigured are not vulnerable to this issue. This issue only affects Junos OS releases based on FreeBSD 10 or higher (typically Junos OS 15.1+). Administrators can confirm whether systems are running a version of Junos OS based on FreeBSD 10 or higher by typing: user@junos> show version | match kernel JUNOS OS Kernel 64-bit [20181214.223829_fbsd-builder_stable_10] Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D236; 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8; 17.3 versions prior to 17.3R2; 17.4 versions prior to 17.4R1-S1, 17.4R1-S7, 17.4R2. This issue does not affect Junos OS releases prior to 15.1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10929",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10929"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1F6-S12, 15.1R7-S4, 15.1X53-D236, 16.1R7-S1, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R3, 17.3R2, 17.4R1-S1, 17.4R1-S7, 17.4R2, 18.1R1, 18.1X75-D10, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10929",
"defect": [
"1296262"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to port 111 on the device.\n"
},
{
"lang": "eng",
"value": "Disable the management interface (fxp0) if it is not needed in a production environment.\n"
},
{
"lang": "eng",
"value": "If neither MS MICs nor MS MPCs are deployed, an additional option is to disable rpcbind via the configuration command:\n\n set system processes rpcbind-service disable\n"
}
]
}

228
2019/0xxx/CVE-2019-0041.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0041",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4300-MP Series: IP transit traffic can reach the control plane via loopback interface."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4300-MP Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S2, 18.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue requires filters configured on lo0."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic.\nThis issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series.\nThis issue does not affect any other EX series devices."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0041",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4300-MP Series: IP transit traffic can reach the control plane via loopback interface."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4300-MP Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R1-S2, 18.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10933",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10933"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.2R1-S2, 18.2R2, 18.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10933",
"defect": [
"1379328"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Removing lo0 filters would mitigate this issue."
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue requires filters configured on lo0."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10933",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10933"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.2R1-S2, 18.2R2, 18.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10933",
"defect": [
"1379328"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Removing lo0 filters would mitigate this issue."
}
]
}

256
2019/0xxx/CVE-2019-0042.json
View File

@ -1,131 +1,131 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0042",
"STATE": "PUBLIC",
"TITLE": "Incorrect messages from Juniper Identity Management Service (JIMS) can trigger Denial of Service or firewall bypass conditions for SRX series devices"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper Identity Management Service",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.1.4"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue applicable only when the Windows Domain Controller's policy is set to audit account logon failures and SRX has any security policies configured with the term \"match source-identity authenticated-user\".\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0042",
"STATE": "PUBLIC",
"TITLE": "Incorrect messages from Juniper Identity Management Service (JIMS) can trigger Denial of Service or firewall bypass conditions for SRX series devices"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper Identity Management Service",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.1.4"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\nIf the issue is being exploited to bypass SRX firewall policies, suspicious or unusual usernames or IP addresses entries may be present in the SRX auth table."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-669 Incorrect Resource Transfer Between Spheres"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10934",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10934"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 1.1.4 and all subsequent releases.\n\nIf suspicious or unusual usernames or IP addresses entries are present in the SRX auth table, they need to be removed from the SRX auth table."
}
],
"source": {
"advisory": "JSA10934",
"defect": [
"1409607"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "On the domain controller(s), edit GPO policy for Computer Configuration->Policies->Windows Settings->Security Settings->Local Policies->Audit Policy.\nUncheck \"Failure\" for \"Audit account logon events\". This option is unchecked by default.\nIn the cmd prompt, enter \"gpupdate /force\" to immediately update the policy change."
}
]
"value": "This issue applicable only when the Windows Domain Controller's policy is set to audit account logon failures and SRX has any security policies configured with the term \"match source-identity authenticated-user\".\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\nIf the issue is being exploited to bypass SRX firewall policies, suspicious or unusual usernames or IP addresses entries may be present in the SRX auth table."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-669 Incorrect Resource Transfer Between Spheres"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10934",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10934"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 1.1.4 and all subsequent releases.\n\nIf suspicious or unusual usernames or IP addresses entries are present in the SRX auth table, they need to be removed from the SRX auth table."
}
],
"source": {
"advisory": "JSA10934",
"defect": [
"1409607"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "On the domain controller(s), edit GPO policy for Computer Configuration->Policies->Windows Settings->Security Settings->Local Policies->Audit Policy.\nUncheck \"Failure\" for \"Audit account logon events\". This option is unchecked by default.\nIn the cmd prompt, enter \"gpupdate /force\" to immediately update the policy change."
}
]
}

442
2019/0xxx/CVE-2019-0043.json
View File

@ -1,224 +1,224 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0043",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD process crashes upon receipt of a specific SNMP packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS ",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D77"
},
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S10"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D75"
},
{
"platform": "EX/QFX series",
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D48"
},
{
"version_affected": "<",
"version_name": "15.1 ",
"version_value": "15.1R4-S9, 15.1R7-S2"
},
{
"version_affected": "<",
"version_name": "15.1F6",
"version_value": "15.1F6-S11"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D141, 15.1X49-D144, 15.1X49-D150"
},
{
"platform": "QFX5200/QFX5110 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D234"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D68"
},
{
"platform": "NFX Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D471"
},
{
"platform": "EX2300/EX3400 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D590"
},
{
"platform": "ACX Series",
"version_affected": "=",
"version_name": "15.1X54",
"version_value": "15.1X54"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D48"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S6"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S8, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S7, 17.2R3"
},
{
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D92, 17.2X75-D102, 17.2X75-D110"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S4, 17.4R2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R1-S1, 18.1R2-S1, 18.1R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D10"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service.\nNo other Juniper Networks products or platforms are affected by this issue.\nAffected releases are Juniper Networks Junos OS :\n12.1X46 versions prior to 12.1X46-D77 on SRX Series;\n12.3 versions prior to 12.3R12-S10;\n12.3X48 versions prior to 12.3X48-D75 on SRX Series;\n14.1X53 versions prior to 14.1X53-D48 on EX/QFX series;\n15.1 versions prior to 15.1R4-S9, 15.1R7-S2;\n15.1F6 versions prior to 15.1F6-S11;\n15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series;\n15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series;\n15.1X53 versions prior to 15.1X53-D68 on QFX10K Series;\n15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series;\n15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series;\n15.1X54 on ACX Series;\n16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7;\n16.1X65 versions prior to 16.1X65-D48;\n16.2 versions prior to 16.2R2-S6;\n17.1 versions prior to 17.1R2-S8, 17.1R3;\n17.2 versions prior to 17.2R1-S7, 17.2R3;\n17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110;\n17.3 versions prior to 17.3R3;\n17.4 versions prior to 17.4R1-S4, 17.4R2;\n18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3;\n18.2X75 versions prior to 18.2X75-D10."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0043",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD process crashes upon receipt of a specific SNMP packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS ",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D77"
},
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S10"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D75"
},
{
"platform": "EX/QFX series",
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D48"
},
{
"version_affected": "<",
"version_name": "15.1 ",
"version_value": "15.1R4-S9, 15.1R7-S2"
},
{
"version_affected": "<",
"version_name": "15.1F6",
"version_value": "15.1F6-S11"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D141, 15.1X49-D144, 15.1X49-D150"
},
{
"platform": "QFX5200/QFX5110 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D234"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D68"
},
{
"platform": "NFX Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D471"
},
{
"platform": "EX2300/EX3400 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D590"
},
{
"platform": "ACX Series",
"version_affected": "=",
"version_name": "15.1X54",
"version_value": "15.1X54"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7"
},
{
"version_affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D48"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S6"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S8, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S7, 17.2R3"
},
{
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D92, 17.2X75-D102, 17.2X75-D110"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S4, 17.4R2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R1-S1, 18.1R2-S1, 18.1R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D10"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10935",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10935"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10, 12.3X48-D75, 14.1X53-D48, 15.1F6-S11, 15.1R4-S9, 15.1R7-S2, 15.1X49-D141, 15.1X49-D144, 15.1X49-D150, 15.1X53-D234, 15.1X53-D471, 15.1X53-D590, 15.1X53-D68, 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7, 16.1X65-D48, 16.2R2-S6, 17.1R2-S8, 17.1R3, 17.2R1-S7, 17.2R3, 17.2X75-D102, 17.2X75-D110, 17.2X75-D92, 17.3R3, 17.4R1-S4, 17.4R2, 18.1R1-S1, 18.1R2-S1, 18.1R3, 18.2R1, 18.2X75-D10, 18.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10935",
"defect": [
"1359966"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS : 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D48 on EX/QFX series; 15.1 versions prior to 15.1R4-S9, 15.1R7-S2; 15.1F6 versions prior to 15.1F6-S11; 15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series; 15.1X54 on ACX Series; 16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S8, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3; 18.2X75 versions prior to 18.2X75-D10."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10935",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10935"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10, 12.3X48-D75, 14.1X53-D48, 15.1F6-S11, 15.1R4-S9, 15.1R7-S2, 15.1X49-D141, 15.1X49-D144, 15.1X49-D150, 15.1X53-D234, 15.1X53-D471, 15.1X53-D590, 15.1X53-D68, 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7, 16.1X65-D48, 16.2R2-S6, 17.1R2-S8, 17.1R3, 17.2R1-S7, 17.2R3, 17.2X75-D102, 17.2X75-D110, 17.2X75-D92, 17.3R3, 17.4R1-S4, 17.4R2, 18.1R1-S1, 18.1R2-S1, 18.1R3, 18.2R1, 18.2X75-D10, 18.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10935",
"defect": [
"1359966"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts."
}
]
}

240
2019/0xxx/CVE-2019-0044.json
View File

@ -1,123 +1,123 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0044",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX5000 series: Kernel crash (vmcore) upon receipt of a specific packet on fxp0 interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX5000 series",
"version_affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D82"
},
{
"platform": "SRX5000 series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D80 "
},
{
"platform": "SRX5000 series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore).\nBy continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS).\nAffected releases are Juniper Networks SRX5000 Series:\n12.1X46 versions prior to 12.1X46-D82;\n12.3X48 versions prior to 12.3X48-D80;\n15.1X49 versions prior to 15.1X49-D160."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0044",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX5000 series: Kernel crash (vmcore) upon receipt of a specific packet on fxp0 interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX5000 series",
"version_affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D82"
},
{
"platform": "SRX5000 series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D80 "
},
{
"platform": "SRX5000 series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D160"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10936",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10936"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D82, 12.3X48-D80, 15.1X49-D160 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10936",
"defect": [
"1362221"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X46 versions prior to 12.1X46-D82; 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10936",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10936"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D82, 12.3X48-D80, 15.1X49-D160 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10936",
"defect": [
"1362221"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

5
2019/0xxx/CVE-2019-0216.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E",
"url": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component",
"url": "http://www.openwall.com/lists/oss-security/2019/04/10/6"
}
]
},

5
2019/0xxx/CVE-2019-0229.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E",
"url": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component",
"url": "http://www.openwall.com/lists/oss-security/2019/04/10/6"
}
]
},

84
2019/0xxx/CVE-2019-0278.json
View File

@ -1,17 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0278",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0278",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Process Integration (Messaging System)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10 to 7.11"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://launchpad.support.sap.com/#/notes/2741201",
"url": "https://launchpad.support.sap.com/#/notes/2741201"
},
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure."
}
]
}

80
2019/0xxx/CVE-2019-0279.json
View File

@ -1,17 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0279",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0279",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP BASIS",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "from 7.00 to 7.02"
},
{
"version_name": "<",
"version_value": "from 7.10 to 7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "from 7.50 to 7.53"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"refsource": "CONFIRM",
"name": "https://launchpad.support.sap.com/#/notes/2753629",
"url": "https://launchpad.support.sap.com/#/notes/2753629"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges."
}
]
}

80
2019/0xxx/CVE-2019-0282.json
View File

@ -1,17 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0282",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0282",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Process Integration (Runtime Workbench)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "from 7.10 to 7.11"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"refsource": "CONFIRM",
"name": "https://launchpad.support.sap.com/#/notes/2742758",
"url": "https://launchpad.support.sap.com/#/notes/2742758"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker."
}
]
}

80
2019/0xxx/CVE-2019-0283.json
View File

@ -1,17 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0283",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0283",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Process Integration (Adapter Engine)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "from 7.10 to 7.11"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Digital Signature Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"refsource": "CONFIRM",
"name": "https://launchpad.support.sap.com/#/notes/2747683",
"url": "https://launchpad.support.sap.com/#/notes/2747683"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document."
}
]
}

68
2019/0xxx/CVE-2019-0284.json
View File

@ -1,17 +1,71 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0284",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0284",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP HANA",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1.0"
},
{
"version_name": "<",
"version_value": "2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"refsource": "CONFIRM",
"name": "https://launchpad.support.sap.com/#/notes/2772376",
"url": "https://launchpad.support.sap.com/#/notes/2772376"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files."
}
]
}

64
2019/0xxx/CVE-2019-0285.json
View File

@ -1,17 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0285",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0285",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Crystal Reports for Visual Studio",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "2010"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
},
{
"refsource": "CONFIRM",
"name": "https://launchpad.support.sap.com/#/notes/2687663",
"url": "https://launchpad.support.sap.com/#/notes/2687663"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker."
}
]
}

6
2019/1003xxx/CVE-2019-1003049.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-1003049",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1289",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1289"
}
]
}

6
2019/1003xxx/CVE-2019-1003050.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-1003050",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1327",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-04-10/#SECURITY-1327"
}
]
}

61
2019/11xxx/CVE-2019-11069.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sequelize before 5.3.0 does not properly ensure that standard conforming strings are used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sequelize/sequelize/pull/10746/files",
"refsource": "MISC",
"name": "https://github.com/sequelize/sequelize/pull/10746/files"
},
{
"url": "https://github.com/sequelize/sequelize/releases/tag/v5.3.0",
"refsource": "MISC",
"name": "https://github.com/sequelize/sequelize/releases/tag/v5.3.0"
}
]
}

67
2019/11xxx/CVE-2019-11070.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.webkit.org/show_bug.cgi?id=193718",
"refsource": "MISC",
"name": "https://bugs.webkit.org/show_bug.cgi?id=193718"
},
{
"url": "https://trac.webkit.org/changeset/243197/webkit",
"refsource": "MISC",
"name": "https://trac.webkit.org/changeset/243197/webkit"
}
]
}
}

77
2019/11xxx/CVE-2019-11071.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html",
"refsource": "MISC",
"name": "https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html"
},
{
"url": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36",
"refsource": "MISC",
"name": "https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36"
},
{
"url": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e",
"refsource": "MISC",
"name": "https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e"
},
{
"url": "https://github.com/spip/SPIP/compare/1e3872c...9861a47",
"refsource": "MISC",
"name": "https://github.com/spip/SPIP/compare/1e3872c...9861a47"
}
]
}
}

188
2019/3xxx/CVE-2019-3612.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3612",
"STATE": "PUBLIC",
"TITLE": "Information disclosure vulnerability in McAfee TIE Server and DXL Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data eXchange Layer (DXL) Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.0.1 HF2"
}
]
}
},
{
"product_name": "Threat Intelligence Exchange (TIE) Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.3.1 HF1"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3612",
"STATE": "PUBLIC",
"TITLE": "Information disclosure vulnerability in McAfee TIE Server and DXL Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data eXchange Layer (DXL) Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.0.1 HF2"
}
]
}
},
{
"product_name": "Threat Intelligence Exchange (TIE) Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.3.1 HF1"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10279",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10279"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10279",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10279"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

64
2019/3xxx/CVE-2019-3943.json
View File

@ -1,17 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3943",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3943",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MikroTik",
"product": {
"product_data": [
{
"product_name": "RouterOS",
"version": {
"version_data": [
{
"version_value": "Stable 6.43.12 and below"
},
{
"version_value": "Long-term 6.42.12 and below"
},
{
"version_value": "Testing 6.44beta75 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-16",
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
]
}