- Synchronized data.

CVE Team 2019-01-15 16:04:34 -05:00
parent a364543485
commit b8a35e611b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
29 changed files with 2124 additions and 2121 deletions


@ -1,168 +1,168 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0060",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd) process crash"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
"ID" : "CVE-2018-0060",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd) process crash"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.1X46",
"version_value": "12.1X46-D40"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D40"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D20"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D20"
},
{
"affected": "<",
"platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name": "14.1X53",
"version_value": "14.1X53-D40"
"affected" : "<",
"platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D40"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D20"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D20"
},
{
"affected": "<",
"platform": "QFX10000 Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D68"
"affected" : "<",
"platform" : "QFX10000 Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D68"
},
{
"affected": "<",
"platform": "QFX5200/QFX5110",
"version_name": "15.1X53",
"version_value": "15.1X53-D235"
"affected" : "<",
"platform" : "QFX5200/QFX5110",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D235"
},
{
"affected": "<",
"platform": "NFX150, NFX250",
"version_name": "15.1X53",
"version_value": "15.1X53-D495"
"affected" : "<",
"platform" : "NFX150, NFX250",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D495"
},
{
"affected": "<",
"platform": "EX2300/EX3400",
"version_name": "15.1X53",
"version_value": "15.1X53-D590"
"affected" : "<",
"platform" : "EX2300/EX3400",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D590"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S2"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1R7-S2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not vulnerable to this issue when not configured to use DHCP. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D40 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 14.1X53 versions prior to 14.1X53-D40 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1X49 versions prior to 15.1X49-D20 on SRX Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D495 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400; 15.1 versions prior to 15.1R7-S2."
"lang" : "eng",
"value" : "An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not vulnerable to this issue when not configured to use DHCP. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D40 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 14.1X53 versions prior to 14.1X53-D40 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1X49 versions prior to 15.1X49-D20 on SRX Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D495 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400; 15.1 versions prior to 15.1R7-S2."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Improper input validation"
"lang" : "eng",
"value" : "Improper input validation"
}
]
},
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10895",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10895"
"name" : "https://kb.juniper.net/JSA10895",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10895"
},
{
"name": "1041858",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041858"
"name" : "1041858",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041858"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D40, 12.3X48-D20, 14.1X53-D40, 15.1X49-D20, 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1R7-S2, 16.1R1and all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D40, 12.3X48-D20, 14.1X53-D40, 15.1X49-D20, 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1R7-S2, 16.1R1and all subsequent releases."
}
],
"source": {
"advisory": "JSA10895",
"defect": [
"source" : {
"advisory" : "JSA10895",
"defect" : [
"1082817"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Configure the device to use static IP addresses for all interfaces.\nDisable DHCP services.\n"
"lang" : "eng",
"value" : "Configure the device to use static IP addresses for all interfaces.\nDisable DHCP services.\n"
}
]
}


@ -1,74 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-14662",
"ASSIGNER": "sfowler@redhat.com"
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-14662",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ceph",
"version": {
"version_data": [
"product_name" : "ceph",
"version" : {
"version_data" : [
{
"version_value": "13.2.4"
"version_value" : "13.2.4"
}
]
}
}
]
}
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
"lang" : "eng",
"value" : "It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption."
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662",
"refsource": "CONFIRM"
},
{
"url": "https://ceph.com/releases/13-2-4-mimic-released"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption."
}
]
},
"impact": {
"cvss": [
"impact" : {
"cvss" : [
[
{
"vectorString": "3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
"vectorString" : "3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ceph.com/releases/13-2-4-mimic-released",
"refsource" : "MISC",
"url" : "https://ceph.com/releases/13-2-4-mimic-released"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662"
}
]
}
}
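Review bot: The `vectorString` under `impact.cvss` is not a valid CVSS v3.0 vector, because what appears to be the base score is prefixed to it (`3.5/CVSS:3.0/...`), and `cvss` is an array nested inside an array rather than the object form the other records on this page use. Consumers that validate the vector or read `baseScore` are likely to reject or skip this record, so the CVE can drop out of severity-based triage. The entry should carry `"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"` with the score in its own field, `"baseScore" : 3.5`, inside a single `cvss` object.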


@ -1,156 +1,156 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0001",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd)."
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0001",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd)."
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "MX Series",
"version_name": "16.1",
"version_value": "16.1R7-S1"
"affected" : "<",
"platform" : "MX Series",
"version_name" : "16.1",
"version_value" : "16.1R7-S1"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "16.2",
"version_value": "16.2R2-S7"
"affected" : "<",
"platform" : "MX Series",
"version_name" : "16.2",
"version_value" : "16.2R2-S7"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
"affected" : "<",
"platform" : "MX Series",
"version_name" : "17.1",
"version_value" : "17.1R2-S10, 17.1R3"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "17.2",
"version_value": "17.2R3"
"affected" : "<",
"platform" : "MX Series",
"version_name" : "17.2",
"version_value" : "17.2R3"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "17.3",
"version_value": "17.3R3-S1"
"affected" : "<",
"platform" : "MX Series",
"version_name" : "17.3",
"version_value" : "17.3R3-S1"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "17.4",
"version_value": "17.4R2"
"affected" : "<",
"platform" : "MX Series",
"version_name" : "17.4",
"version_value" : "17.4R2"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "18.1",
"version_value": "18.1R3"
"affected" : "<",
"platform" : "MX Series",
"version_name" : "18.1",
"version_value" : "18.1R3"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "18.2",
"version_value": "18.2R2"
"affected" : "<",
"platform" : "MX Series",
"version_name" : "18.2",
"version_value" : "18.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "This issue can only occur on MX Series devices with dynamic vlan configuration."
"lang" : "eng",
"value" : "This issue can only occur on MX Series devices with dynamic vlan configuration."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device.\nAffected releases are Juniper Networks Junos OS:\n16.1 versions prior to 16.1R7-S1;\n16.2 versions prior to 16.2R2-S7;\n17.1 versions prior to 17.1R2-S10, 17.1R3;\n17.2 versions prior to 17.2R3;\n17.3 versions prior to 17.3R3-S1;\n17.4 versions prior to 17.4R2;\n18.1 versions prior to 18.1R3;\n18.2 versions prior to 18.2R2."
"lang" : "eng",
"value" : "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-674: Uncontrolled Recursion"
"lang" : "eng",
"value" : "CWE-674: Uncontrolled Recursion"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10900",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10900"
"name" : "https://kb.juniper.net/JSA10900",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10900"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following Junos OS releases have been updated to resolve this specific issue: 16.1R7-S1, 16.2R2-S7, 17.1R2-S10, 17.1R3, 17.2R3, 17.3R3-S1, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.\n"
"lang" : "eng",
"value" : "The following Junos OS releases have been updated to resolve this specific issue: 16.1R7-S1, 16.2R2-S7, 17.1R2-S10, 17.1R3, 17.2R3, 17.3R3-S1, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10900",
"defect": [
"source" : {
"advisory" : "JSA10900",
"defect" : [
"1356474"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
"lang" : "eng",
"value" : "There are no viable workarounds for this issue."
}
]
}
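Review bot: The 17.1 entry in `version_data` puts two release identifiers into one field, `"version_value" : "17.1R2-S10, 17.1R3"`, under a single `"affected" : "<"` comparator. A scanner that compares an installed release against `version_value` cannot evaluate this string as a version, so 17.1 devices may be reported as unaffected or fail to match at all. Splitting it into one entry per fixed release, `"version_value" : "17.1R2-S10"` and `"version_value" : "17.1R3"`, would keep each field machine-comparable; how the two bounds combine should be confirmed against JSA10900.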


@ -1,125 +1,125 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0002",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0002",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "EX2300 and EX3400 series",
"version_name": "15.1X53",
"version_value": "15.1X53-D590"
"affected" : "<",
"platform" : "EX2300 and EX3400 series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D590"
},
{
"affected": "<",
"platform": "EX2300 and EX3400 series",
"version_name": "18.1",
"version_value": "18.1R3"
"affected" : "<",
"platform" : "EX2300 and EX3400 series",
"version_name" : "18.1",
"version_value" : "18.1R3"
},
{
"affected": "<",
"platform": "EX2300 and EX3400 series",
"version_name": "18.2",
"version_value": "18.2R2"
"affected" : "<",
"platform" : "EX2300 and EX3400 series",
"version_name" : "18.2",
"version_value" : "18.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect.\n\n\n\nWhen this issue occurs, the output of the command: \n show pfe filter hw summary\nwill not show the entry for:\n RACL group\n\nAffected releases are Junos OS on EX2300 and EX3400 series:\n15.1X53 versions prior to 15.1X53-D590;\n18.1 versions prior to 18.1R3;\n18.2 versions prior to 18.2R2.\nThis issue affect both IPv4 and IPv6 firewall filter."
"lang" : "eng",
"value" : "On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.8,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements"
"lang" : "eng",
"value" : "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10901",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10901"
"name" : "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html",
"refsource" : "MISC",
"url" : "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-filter.html"
"name" : "https://kb.juniper.net/JSA10901",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10901"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D590, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D590, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10901",
"defect": [
"source" : {
"advisory" : "JSA10901",
"defect" : [
"1364866"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
"lang" : "eng",
"value" : "There are no known workarounds for this issue."
}
]
}
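Review bot: The new `description` value replaces the line breaks with spaces, which leaves the verification command and its expected output running into the surrounding sentence: `...the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are...`. An operator checking whether a filter failed to install can no longer tell where the command ends and the indicator begins. If the description has to be a single line, the literals should be delimited and the sentence closed, for example `the output of the command 'show pfe filter hw summary' will not show the entry for 'RACL group'. Affected releases are ...`.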


@ -1,153 +1,153 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0003",
"STATE": "PUBLIC",
"TITLE": "Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core."
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0003",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core."
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.1X46",
"version_value": "12.1X46-D77"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D77"
},
{
"affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S10"
"affected" : "<",
"version_name" : "12.3",
"version_value" : "12.3R12-S10"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D70"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D70"
},
{
"affected": "<",
"platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name": "14.1X53",
"version_value": "14.1X53-D47"
"affected" : "<",
"platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D47"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1R3"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1R3"
},
{
"affected": "<",
"version_name": "15.1F",
"version_value": "15.1F3"
"affected" : "<",
"version_name" : "15.1F",
"version_value" : "15.1F3"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D140"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D140"
},
{
"affected": "<",
"platform": "EX2300/EX3400",
"version_name": "15.1X53",
"version_value": "15.1X53-D59"
"affected" : "<",
"platform" : "EX2300/EX3400",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D59"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "The following maximal parent* configuration is required:\n set protocols bgp group [FLOWSPEC]\nand\n set policy-options policy-statement\n set routing-options flow term-order\n\nSpecific child* relationship configuration details vary by implementation which may introduce this vulnerability.\n\n*\"parent\" and \"child\" as in a parent-child tree structure relationship within the CLI.\n"
"lang" : "eng",
"value" : "The following maximal parent* configuration is required:\n set protocols bgp group [FLOWSPEC]\nand\n set policy-options policy-statement\n set routing-options flow term-order\n\nSpecific child* relationship configuration details vary by implementation which may introduce this vulnerability.\n\n*\"parent\" and \"child\" as in a parent-child tree structure relationship within the CLI.\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated.\nAffected releases are Juniper Networks Junos OS:\n12.1X46 versions prior to 12.1X46-D77 on SRX Series;\n12.3 versions prior to 12.3R12-S10;\n12.3X48 versions prior to 12.3X48-D70 on SRX Series;\n14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;\n15.1 versions prior to 15.1R3;\n15.1F versions prior to 15.1F3;\n15.1X49 versions prior to 15.1X49-D140 on SRX Series;\n15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400."
"lang" : "eng",
"value" : "When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Incomplete assertion \nCWE-617: Reachable Assertion\nDenial of Service\n\nCAPEC:\n.262 Manipulate System Resources\n.262.607 Obstruction\n.262.607.582 Route Disabling\n.262.607.582.584 BGP Route Disabling \n"
"lang" : "eng",
"value" : "Incomplete assertion \nCWE-617: Reachable Assertion\nDenial of Service\n\nCAPEC:\n.262 Manipulate System Resources\n.262.607 Obstruction\n.262.607.582 Route Disabling\n.262.607.582.584 BGP Route Disabling \n"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10902",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10902"
"name" : "https://kb.juniper.net/JSA10902",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10902"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10, 12.3X48-D70, 14.1X53-D47, 15.1F3, 15.1R3, 15.1X49-D140, 15.1X53-D59, 16.1R1 and all subsequent releases.\n"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10, 12.3X48-D70, 14.1X53-D47, 15.1F3, 15.1R3, 15.1X49-D140, 15.1X53-D59, 16.1R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10902",
"defect": [
"source" : {
"advisory" : "JSA10902",
"defect" : [
"1116761"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Disable BGP flowspec.\nThere are no other available workarounds for this issue."
"lang" : "eng",
"value" : "Disable BGP flowspec.\nThere are no other available workarounds for this issue."
}
]
}
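Review bot: The single `problemtype` description packs free text, the CWE identifier and a CAPEC tree into one multi-line string (`"Incomplete assertion \nCWE-617: Reachable Assertion\nDenial of Service\n\nCAPEC:..."`). Other records on this page put just the identifier in the value, for example `"CWE-674: Uncontrolled Recursion"`, so tooling that reads the value as a CWE label may not classify this record. A dedicated entry `"value" : "CWE-617: Reachable Assertion"`, with the impact text and the CAPEC list in their own entries, would keep weakness-based filtering working. The description in this section was flattened to one line while this field kept its embedded newlines, so the two are handled inconsistently.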


@ -1,101 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0004",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: API and device keys are logged in a world-readable permissions file"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0004",
"STATE" : "PUBLIC",
"TITLE" : "Juniper ATP: API and device keys are logged in a world-readable permissions file"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.0",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5.0",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users.\nThese keys are used for performing critical operations on the WebUI interface.\nThis issue affects Juniper ATP 5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-532 - Information Exposure Through Log Files"
"lang" : "eng",
"value" : "CWE-532 - Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is also recommended to change the device key after the upgrade."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is also recommended to change the device key after the upgrade."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365691"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
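Review bot: The `solution` value in this record recommends changing only the device key after the upgrade, while the `description` says that both the API key and the device key are written to the log file. If the API key is exposed in the same way, the remediation text should cover it too, for example `It is also recommended to change the API key and the device key after the upgrade.`; this needs to be confirmed against JSA10918 before the record is edited. Log files written before the upgrade presumably still hold the old keys, so the record could also say whether those files need to be removed or have their permissions tightened.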


@ -1,168 +1,168 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0005",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX and QFX series: Stateless firewall filter ignores IPv6 extension headers"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0005",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: EX and QFX series: Stateless firewall filter ignores IPv6 extension headers"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "EX4600, QFX3K series, QFX5k series",
"version_name": "14.1X53",
"version_value": "14.1X53-D47"
"affected" : "<",
"platform" : "EX4600, QFX3K series, QFX5k series",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D47"
},
{
"affected": "<",
"platform": "EX4600, QFX3K series, QFX5k series",
"version_name": "15.1",
"version_value": "15.1R7"
"affected" : "<",
"platform" : "EX4600, QFX3K series, QFX5k series",
"version_name" : "15.1",
"version_value" : "15.1R7"
},
{
"affected": "<",
"platform": "QFX5200/QFX5110 series",
"version_name": "15.1X53",
"version_value": "15.1X53-D234"
"affected" : "<",
"platform" : "QFX5200/QFX5110 series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D234"
},
{
"affected": "<",
"platform": "EX2300/EX3400 series",
"version_name": "15.1X53",
"version_value": "15.1X53-D591"
"affected" : "<",
"platform" : "EX2300/EX3400 series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D591"
},
{
"affected": "<",
"platform": "EX4600, QFX3K series, QFX5k series",
"version_name": "16.1",
"version_value": "16.1R7"
"affected" : "<",
"platform" : "EX4600, QFX3K series, QFX5k series",
"version_name" : "16.1",
"version_value" : "16.1R7"
},
{
"affected": "<",
"platform": "EX4600, QFX3K series, QFX5k series",
"version_name": "17.1",
"version_value": "17.1R2-S10, 17.1R3"
"affected" : "<",
"platform" : "EX4600, QFX3K series, QFX5k series",
"version_name" : "17.1",
"version_value" : "17.1R2-S10, 17.1R3"
},
{
"affected": "<",
"platform": "EX4600, QFX3K series, QFX5k series",
"version_name": "17.2",
"version_value": "17.2R3"
"affected" : "<",
"platform" : "EX4600, QFX3K series, QFX5k series",
"version_name" : "17.2",
"version_value" : "17.2R3"
},
{
"affected": "<",
"platform": "EX4600, QFX3K series, QFX5k series",
"version_name": "17.3",
"version_value": "17.3R3"
"affected" : "<",
"platform" : "EX4600, QFX3K series, QFX5k series",
"version_name" : "17.3",
"version_value" : "17.3R3"
},
{
"affected": "<",
"platform": "EX4600, QFX3K series, QFX5k series",
"version_name": "17.4",
"version_value": "17.4R2"
"affected" : "<",
"platform" : "EX4600, QFX3K series, QFX5k series",
"version_name" : "17.4",
"version_value" : "17.4R2"
},
{
"affected": "<",
"platform": "EX2300/EX3400, EX4600, QFX3K series, QFX5k series",
"version_name": "18.1",
"version_value": "18.1R2"
"affected" : "<",
"platform" : "EX2300/EX3400, EX4600, QFX3K series, QFX5k series",
"version_name" : "18.1",
"version_value" : "18.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "This issue occurs when the following IPv6 firewall filter is configured: \n [firewall family inet6 filter <filter-name> term <term-name> from next-header <header-type> ] \n [firewall family inet6 filter <filter-name> term <term-name> from extension-headers <header-type> ] \n [firewall family inet6 filter <filter-name> term <term-name> from extension-headers-except <header-type> ]\n [firewall family inet6 filter <filter-name> term <term-name> from next-header-except <header-type> ]\n"
"lang" : "eng",
"value" : "This issue occurs when the following IPv6 firewall filter is configured: \n [firewall family inet6 filter <filter-name> term <term-name> from next-header <header-type> ] \n [firewall family inet6 filter <filter-name> term <term-name> from extension-headers <header-type> ] \n [firewall family inet6 filter <filter-name> term <term-name> from extension-headers-except <header-type> ]\n [firewall family inet6 filter <filter-name> term <term-name> from next-header-except <header-type> ]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers.\nThis issue may allow IPv6 packets that should have been blocked to be forwarded.\n\nIPv4 packet filtering is unaffected by this vulnerability.\nAffected releases are Juniper Networks Junos OS on EX and QFX series;:\n14.1X53 versions prior to 14.1X53-D47;\n15.1 versions prior to 15.1R7;\n15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series;\n15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series;\n16.1 versions prior to 16.1R7;\n17.1 versions prior to 17.1R2-S10, 17.1R3;\n17.2 versions prior to 17.2R3;\n17.3 versions prior to 17.3R3;\n17.4 versions prior to 17.4R2;\n18.1 versions prior to 18.1R2."
"lang" : "eng",
"value" : "On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.8,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "filter bypass"
"lang" : "eng",
"value" : "filter bypass"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10905",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10905"
"name" : "https://kb.juniper.net/JSA10905",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10905"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 14.1X53-D47, 15.1R7, 15.1X53-D234, 15.1X53-D591, 16.1R7, 17.1R3, 17.2R3, 17.3R3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 14.1X53-D47, 15.1R7, 15.1X53-D234, 15.1X53-D591, 16.1R7, 17.1R3, 17.2R3, 17.3R3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10905",
"defect": [
"source" : {
"advisory" : "JSA10905",
"defect" : [
"1346052"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
"lang" : "eng",
"value" : "There are no known workarounds for this issue."
}
]
}
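Review bot: The 17.1 entry's `"version_value" : "17.1R2-S10, 17.1R3"` puts two releases into one string under `"affected" : "<"`, which a version comparison cannot evaluate. The same pattern appears in the CVE-2019-0009 section (`"15.1X53-D113, 15.1X53-D590"`, `"18.1R2-S2, 18.1R3"`) and in the CVE-2019-0010 section (`"15.1X49-D101, 15.1X49-D110"`). A tool that matches device inventory against these records will likely either skip the entry or compare against the whole string, and both hide affected systems. Splitting the field so each `version_value` holds a single release, such as `"version_value" : "17.1R3"` with the service release in its own entry, would make it comparable; until then consumers have to fall back to the prose in `description`.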


@ -1,121 +1,121 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0006",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration "
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0006",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration "
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "EX Virtual Chassis Platforms, QFX Virtual Chassis Platforms",
"version_name": "14.1X53",
"version_value": "14.1X53-D47"
"affected" : "<",
"platform" : "EX Virtual Chassis Platforms, QFX Virtual Chassis Platforms",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D47"
},
{
"affected": "<",
"platform": "EX Virtual Chassis Platforms, QFX Virtual Chassis Platforms, MX Virtual Chassis Platforms",
"version_name": "15.1",
"version_value": "15.1R7-S3"
"affected" : "<",
"platform" : "EX Virtual Chassis Platforms, QFX Virtual Chassis Platforms, MX Virtual Chassis Platforms",
"version_name" : "15.1",
"version_value" : "15.1R7-S3"
},
{
"affected": "<",
"platform": "EX Virtual Chassis Platforms, QFX Virtual Chassis Platforms",
"version_name": "15.1X53",
"version_value": "15.1X53-D50"
"affected" : "<",
"platform" : "EX Virtual Chassis Platforms, QFX Virtual Chassis Platforms",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D50"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution.\nThis issue only occurs when the crafted packet it destined to the device.\nAffected releases are Juniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms;\n15.1 versions prior to 15.1R7-S3 all Virtual Chassis Platforms\n15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms."
"lang" : "eng",
"value" : "A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet it destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; 15.1 versions prior to 15.1R7-S3 all Virtual Chassis Platforms 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability. This issue was seen in a production network where a routine security scan was performed on the device."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability. This issue was seen in a production network where a routine security scan was performed on the device."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-908: Use of Uninitialized Resource"
"lang" : "eng",
"value" : "CWE-908: Use of Uninitialized Resource"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10906",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10906"
"name" : "https://kb.juniper.net/JSA10906",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10906"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following Junos OS releases have been updated to resolve this specific issue: 14.1X53-D47, 15.1R7-S3, 16.1R1 and all subsequent releases.\n"
"lang" : "eng",
"value" : "The following Junos OS releases have been updated to resolve this specific issue: 14.1X53-D47, 15.1R7-S3, 16.1R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10906",
"defect": [
"source" : {
"advisory" : "JSA10906",
"defect" : [
"1351411",
"1166070"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
"lang" : "eng",
"value" : "There are no viable workarounds for this issue."
}
]
}
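Review bot: Replacing the newlines in the `description` value with spaces removes the only separator between the 15.1 and 15.1X53 entries, so the new text reads `15.1R7-S3 all Virtual Chassis Platforms 15.1X53 versions prior to 15.1X53-D50`. The old value had no semicolon at that point and relied on the line break. Adding one, as in `prior to 15.1R7-S3 all Virtual Chassis Platforms; 15.1X53 versions prior to 15.1X53-D50`, keeps the affected-release list unambiguous for anyone triaging from the description alone. The other flattened descriptions in this commit already end each entry with a semicolon or a period.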


@ -1,108 +1,108 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0007",
"STATE": "PUBLIC",
"TITLE": "Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0007",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "vMX Series",
"version_name": "15.1",
"version_value": "15.1F5"
"affected" : "<",
"platform" : "vMX Series",
"version_name" : "15.1",
"version_value" : "15.1F5"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack.\n\nThis issue was found during internal product security testing.\n\nAffected releases are Juniper Networks Junos OS:\n15.1 versions prior to 15.1F5 on vMX Series."
"lang" : "eng",
"value" : "The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.3,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
"lang" : "eng",
"value" : "Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10903",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10903"
"name" : "https://kb.juniper.net/JSA10903",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10903"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 15.1F5, and all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 15.1F5, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10903",
"defect": [
"source" : {
"advisory" : "JSA10903",
"defect" : [
"1140895"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "When used in whole, the following workaround methods may reduce the risk of information exfiltration from the customer environment, and reduce the chance of being subjected to, or propagating D/DoS attacks against other targets.\n\nDeny incoming packets with invalid source addresses From reaching the device.\nUtilize egress filtering to prevent invalid / spoofed packets from leaving your network(s).\nEnable stateful firewall filters where possible.\nUtilize SYN-based anti-flood protection mechanisms where possible to reduce or avoid D/DoS attacks."
"lang" : "eng",
"value" : "When used in whole, the following workaround methods may reduce the risk of information exfiltration from the customer environment, and reduce the chance of being subjected to, or propagating D/DoS attacks against other targets.\n\nDeny incoming packets with invalid source addresses From reaching the device.\nUtilize egress filtering to prevent invalid / spoofed packets from leaving your network(s).\nEnable stateful firewall filters where possible.\nUtilize SYN-based anti-flood protection mechanisms where possible to reduce or avoid D/DoS attacks."
}
]
}
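Review bot: The `problemtype` value in this record is free text with no CWE identifier, unlike the CVE-2019-0004 and CVE-2019-0006 records in this commit, which carry `CWE-532` and `CWE-908`. The wording appears to be the name of CWE-924, so `"value" : "CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel"` would let CWE-based filtering and reporting pick the record up. The CVE-2019-0005 (`filter bypass`) and CVE-2019-0009 (`DoS`) sections have the same gap. The mapping should be checked against the vendor advisory before it is written into the record.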


@ -1,114 +1,114 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0009",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX2300 and EX3400: High disk I/O operations may disrupt the communication between RE and PFE"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0009",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: EX2300 and EX3400: High disk I/O operations may disrupt the communication between RE and PFE"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "EX2300 and EX3400 series",
"version_name": "15.1X53",
"version_value": "15.1X53-D113, 15.1X53-D590"
"affected" : "<",
"platform" : "EX2300 and EX3400 series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D113, 15.1X53-D590"
},
{
"affected": "<",
"platform": "EX2300 and EX3400 series",
"version_name": "18.1",
"version_value": "18.1R2-S2, 18.1R3"
"affected" : "<",
"platform" : "EX2300 and EX3400 series",
"version_name" : "18.1",
"version_value" : "18.1R2-S2, 18.1R3"
},
{
"affected": "<",
"platform": "EX2300 and EX3400 series",
"version_name": "18.2",
"version_value": "18.2R2"
"affected" : "<",
"platform" : "EX2300 and EX3400 series",
"version_name" : "18.2",
"version_value" : "18.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE).\nIn a virtual chassis (VC) deployment, this issue disrupts communication between the VC members.\nThis issue does not affect other Junos platforms.\nAffected releases are Junos OS on EX2300 and EX3400 series:\n15.1X53 versions prior to 15.1X53-D590;\n18.1 versions prior to 18.1R2-S2, 18.1R3;\n18.2 versions prior to 18.2R2."
"lang" : "eng",
"value" : "On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC members. This issue does not affect other Junos platforms. Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R2-S2, 18.1R3; 18.2 versions prior to 18.2R2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 5.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "DoS"
"lang" : "eng",
"value" : "DoS"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10909",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10909"
"name" : "https://kb.juniper.net/JSA10909",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10909"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D113, 15.1X53-D590, 18.1R2-S2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D113, 15.1X53-D590, 18.1R2-S2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10909",
"defect": [
"source" : {
"advisory" : "JSA10909",
"defect" : [
"1355593"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Avoid performing operation that may generate high disk I/O.\nLimiting the access to the device to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "Avoid performing operation that may generate high disk I/O.\nLimiting the access to the device to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}


@ -1,126 +1,126 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0010",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0010",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: SRX Series: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.1X46",
"version_value": "12.1X46-D81"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D81"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D77"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D77"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D101, 15.1X49-D110"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D101, 15.1X49-D110"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "This issue might occur when UTM policy is configured and applied to the security policy that inspect HTTP traffic :\n [security utm feature-profile anti-virus]\nin combination with:\n [security policies from-zone to-zone … then permit application-services utm-policy <policy-name>]\n"
"lang" : "eng",
"value" : "This issue might occur when UTM policy is configured and applied to the security policy that inspect HTTP traffic :\n [security utm feature-profile anti-virus]\nin combination with:\n [security policies from-zone to-zone … then permit application-services utm-policy <policy-name>]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message \"mbuf exceed\" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which can be identified through the following log messages:\n\n all_logs.0:Jun 8 03:25:03 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 50%.\n all_logs.0:Jun 8 03:25:13 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 51%.\n all_logs.0:Jun 8 03:25:24 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 52%.\n ...\n\nEventually the system runs out of mbufs and the system crashes (fails over) with the error \"mbuf exceed\".\n\nThis issue only occurs when HTTP AV inspection is configured. Devices configured for Web Filtering alone are unaffected by this issue.\n\nAffected releases are Junos OS on SRX Series:\n12.1X46 versions prior to 12.1X46-D81;\n12.3X48 versions prior to 12.3X48-D77;\n15.1X49 versions prior to 15.1X49-D101, 15.1X49-D110. \n"
"lang" : "eng",
"value" : "An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message \"mbuf exceed\" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which can be identified through the following log messages: all_logs.0:Jun 8 03:25:03 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 50%. all_logs.0:Jun 8 03:25:13 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 51%. all_logs.0:Jun 8 03:25:24 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 52%. ... Eventually the system runs out of mbufs and the system crashes (fails over) with the error \"mbuf exceed\". This issue only occurs when HTTP AV inspection is configured. Devices configured for Web Filtering alone are unaffected by this issue. Affected releases are Junos OS on SRX Series: 12.1X46 versions prior to 12.1X46-D81; 12.3X48 versions prior to 12.3X48-D77; 15.1X49 versions prior to 15.1X49-D101, 15.1X49-D110."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10910",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10910"
"name" : "https://kb.juniper.net/JSA10910",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10910"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D81, 12.3X48-D77, 15.1X49-D101, 15.1X49-D110, 17.3R1, and all subsequent releases.\n"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D81, 12.3X48-D77, 15.1X49-D101, 15.1X49-D110, 17.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10910",
"defect": [
"source" : {
"advisory" : "JSA10910",
"defect" : [
"1283806"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
"lang" : "eng",
"value" : "There are no viable workarounds for this issue."
}
]
}
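Review bot: The rewritten `description` value replaces every `\n` with a space, so the three `jmpi mbuf stall` log samples now run into the prose and into each other, while `configuration` and `solution` in the same record keep their `\n` escapes. Those log lines are what an operator would search for ahead of the "mbuf exceed" crash, and as one run-on sentence they are harder to lift into a log query. I would keep the breaks around the excerpt, as in `...following log messages:\n\n all_logs.0:Jun 8 03:25:03 srx1 ...`, or apply one normalisation rule to every free-text field. The same flattening is applied to the descriptions of CVE-2019-0011, CVE-2019-0012 and CVE-2019-0013 further down, where the affected-release list collapses into a single sentence.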


@ -1,127 +1,127 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0011",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Kernel crash after processing specific incoming packet to the out of band management interface (CVE-2019-0011)"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0011",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: Kernel crash after processing specific incoming packet to the out of band management interface (CVE-2019-0011)"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S7, 17.2R3"
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R1-S7, 17.2R3"
},
{
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R3-S3"
},
{
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S4, 17.4R2"
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R1-S4, 17.4R2"
},
{
"affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D110"
"affected" : "<",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D110"
},
{
"affected": "<",
"version_name": "18.1",
"version_value": "18.1R2"
"affected" : "<",
"version_name" : "18.1",
"version_value" : "18.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address.\nBy continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service.\nAffected releases are Juniper Networks Junos OS:\n17.2 versions prior to 17.2R1-S7, 17.2R3;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R1-S4, 17.4R2;\n17.2X75 versions prior to 17.2X75-D110;\n18.1 versions prior to 18.1R2."
"lang" : "eng",
"value" : "The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 17.2X75 versions prior to 17.2X75-D110; 18.1 versions prior to 18.1R2."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "DoS"
"lang" : "eng",
"value" : "DoS"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10911",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10911"
"name" : "https://kb.juniper.net/JSA10911",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10911"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.2R1-S7, 17.2R3, 17.2X75-D110, 17.3R3-S3, 17.4R1-S4, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 17.2R1-S7, 17.2R3, 17.2X75-D110, 17.3R3-S3, 17.4R1-S4, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10911",
"defect": [
"source" : {
"advisory" : "JSA10911",
"defect" : [
"1318556"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Apply a firewall filter on the management interface which permits only the necessary traffic on management interface to the device's local address, such as SNMP, SSH, or other management traffic and drops everything else.\n"
"lang" : "eng",
"value" : "Apply a firewall filter on the management interface which permits only the necessary traffic on management interface to the device's local address, such as SNMP, SSH, or other management traffic and drops everything else.\n"
}
]
}
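Review bot: The `version_value` entries for 17.2 and 17.4 still pack two fixed releases into one string (`"17.2R1-S7, 17.2R3"`, `"17.4R1-S4, 17.4R2"`) under `"affected" : "<"`, so a tool that compares the whole string against an installed release gets no usable answer. This sync already rewrites every line of the record, so it would be a reasonable place to carry one boundary per entry, for example `"version_value" : "17.2R3"` with the service-release fix in its own entry; the exact modelling depends on the vendor's branch semantics and should be confirmed with the assigner. The same comma-joined form appears in CVE-2019-0010 (`"15.1X49-D101, 15.1X49-D110"`), CVE-2019-0012 and CVE-2019-0013. Until it is changed, consumers matching on this field presumably need to split on `, ` and fall back to the prose list in `description`.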


@ -1,178 +1,178 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0012",
"STATE": "PUBLIC",
"TITLE": "Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0012",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D81"
"affected" : "<",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D81"
},
{
"affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S12"
"affected" : "<",
"version_name" : "12.3",
"version_value" : "12.3R12-S12"
},
{
"affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D76"
"affected" : "<",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D76"
},
{
"affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D48"
"affected" : "<",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D48"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S12, 15.1R7-S2"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1F6-S12, 15.1R7-S2"
},
{
"affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D150"
"affected" : "<",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D150"
},
{
"affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68"
"affected" : "<",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1"
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1"
},
{
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S7"
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R2-S7"
},
{
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S9, 17.1R3"
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R2-S9, 17.1R3"
},
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S7, 17.2R2-S6, 17.2R3"
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R1-S7, 17.2R2-S6, 17.2R3"
},
{
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S4, 17.3R3"
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R2-S4, 17.3R3"
},
{
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S5, 17.4R2"
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R1-S5, 17.4R2"
},
{
"affected": "<",
"version_name": "18.1",
"version_value": "18.1R2-S3, 18.1R3"
"affected" : "<",
"version_name" : "18.1",
"version_value" : "18.1R2-S3, 18.1R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "This issue only occurs when BGP Auto discovery for LDP VPLS is configured:\n set protocols bgp group <name> family l2vpn auto-discovery-only\n set routing-instances <name> instance-type vpls\n set routing-instances <name> l2vpn-id l2vpn-id:<id>"
"lang" : "eng",
"value" : "This issue only occurs when BGP Auto discovery for LDP VPLS is configured:\n set protocols bgp group <name> family l2vpn auto-discovery-only\n set routing-instances <name> instance-type vpls\n set routing-instances <name> l2vpn-id l2vpn-id:<id>"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition.\n\nThis issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. \nAffected releases are Juniper Networks Junos OS:\n12.1X46 versions prior to 12.1X46-D81;\n12.3 versions prior to 12.3R12-S12;\n12.3X48 versions prior to 12.3X48-D76;\n14.1X53 versions prior to 14.1X53-D48;\n15.1 versions prior to 15.1F6-S12, 15.1R7-S2;\n15.1X49 versions prior to 15.1X49-D150;\n15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68;\n16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1;\n16.2 versions prior to 16.2R2-S7;\n17.1 versions prior to 17.1R2-S9, 17.1R3;\n17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3;\n17.3 versions prior to 17.3R2-S4, 17.3R3;\n17.4 versions prior to 17.4R1-S5, 17.4R2;\n18.1 versions prior to 18.1R2-S3, 18.1R3."
"lang" : "eng",
"value" : "A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81; 12.3 versions prior to 12.3R12-S12; 12.3X48 versions prior to 12.3X48-D76; 14.1X53 versions prior to 14.1X53-D48; 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10912",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10912"
"name" : "https://kb.juniper.net/JSA10912",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10912"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D81, 12.3R12-S12*, 12.3X48-D76, 12.3X48-D80, 15.1F6-S12, 15.1R7-S2, 15.1X49-D150, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68, 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1, 16.2R2-S7, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R1-S5, 17.4R2, 18.1R2-S3, 18.1R3, 18.2R1, 18.2X75-D10, and all subsequent releases.\n\n*Future release"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D81, 12.3R12-S12*, 12.3X48-D76, 12.3X48-D80, 15.1F6-S12, 15.1R7-S2, 15.1X49-D150, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68, 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1, 16.2R2-S7, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R1-S5, 17.4R2, 18.1R2-S3, 18.1R3, 18.2R1, 18.2X75-D10, and all subsequent releases.\n\n*Future release"
}
],
"source": {
"advisory": "JSA10912",
"defect": [
"source" : {
"advisory" : "JSA10912",
"defect" : [
"1352498"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
"lang" : "eng",
"value" : "There are no known workarounds for this issue."
}
]
}


@ -1,157 +1,157 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0013",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD crash upon receipt of malformed PIM packet"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0013",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: RPD crash upon receipt of malformed PIM packet"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "12.1X46",
"version_value": "12.1X46-D77"
"affected" : "<",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D77"
},
{
"affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D77"
"affected" : "<",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D77"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S10, 15.1R6-S6, 15.1R7"
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1F6-S10, 15.1R6-S6, 15.1R7"
},
{
"affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D150"
"affected" : "<",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D150"
},
{
"affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D233, 15.1X53-D59"
"affected" : "<",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D233, 15.1X53-D59"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S8, 16.1R4-S8, 16.1R7"
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R3-S8, 16.1R4-S8, 16.1R7"
},
{
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S6"
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R2-S6"
},
{
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S6, 17.1R3"
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R2-S6, 17.1R3"
},
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R2-S3, 17.2R3"
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R2-S3, 17.2R3"
},
{
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S4, 17.3R3"
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R2-S4, 17.3R3"
},
{
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R2"
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition.\n\nThis issue only affects IPv4 PIM. IPv6 PIM is unaffected by this vulnerability.\n\nAffected releases are Juniper Networks Junos OS:\n12.1X46 versions prior to 12.1X46-D77;\n12.3X48 versions prior to 12.3X48-D77;\n15.1 versions prior to 15.1F6-S10, 15.1R6-S6, 15.1R7;\n15.1X49 versions prior to 15.1X49-D150;\n15.1X53 versions prior to 15.1X53-D233, 15.1X53-D59;\n16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R7;\n16.2 versions prior to 16.2R2-S6;\n17.1 versions prior to 17.1R2-S6, 17.1R3;\n17.2 versions prior to 17.2R2-S3, 17.2R3;\n17.3 versions prior to 17.3R2-S4, 17.3R3;\n17.4 versions prior to 17.4R2."
"lang" : "eng",
"value" : "The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue only affects IPv4 PIM. IPv6 PIM is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D77; 15.1 versions prior to 15.1F6-S10, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D233, 15.1X53-D59; 16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R7; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R2-S3, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Denial of Service"
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10913",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10913"
"name" : "https://kb.juniper.net/JSA10913",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10913"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D77, 12.3X48-D77, 15.1F6-S10, 15.1R6-S6, 15.1R7, 15.1X49-D150, 15.1X53-D233, 15.1X53-D59, 16.1R3-S8, 16.1R4-S8, 16.1R7, 16.2R2-S6, 17.1R2-S6, 17.1R3, 17.2R2-S3, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R2, 18.1R1, and all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D77, 12.3X48-D77, 15.1F6-S10, 15.1R6-S6, 15.1R7, 15.1X49-D150, 15.1X53-D233, 15.1X53-D59, 16.1R3-S8, 16.1R4-S8, 16.1R7, 16.2R2-S6, 17.1R2-S6, 17.1R3, 17.2R2-S3, 17.2R3, 17.3R2-S4, 17.3R3, 17.4R2, 18.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10913",
"defect": [
"source" : {
"advisory" : "JSA10913",
"defect" : [
"1293306"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "No known workaround exists for this issue."
"lang" : "eng",
"value" : "No known workaround exists for this issue."
}
]
}


@ -1,132 +1,132 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0014",
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX and PTX Series: FPC process crashes after J-Flow processes a malformed packet"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0014",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: QFX and PTX Series: FPC process crashes after J-Flow processes a malformed packet"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "QFX and PTX Series",
"version_name": "17.4",
"version_value": " 17.4R2-S1, 17.4R3"
"affected" : "<",
"platform" : "QFX and PTX Series",
"version_name" : "17.4",
"version_value" : " 17.4R2-S1, 17.4R3"
},
{
"affected": "<",
"platform": "QFX and PTX Series",
"version_name": "18.1",
"version_value": "18.1R3-S1, 18.1R4"
"affected" : "<",
"platform" : "QFX and PTX Series",
"version_name" : "18.1",
"version_value" : "18.1R3-S1, 18.1R4"
},
{
"affected": "<",
"platform": "QFX and PTX Series",
"version_name": "18.2",
"version_value": "18.2R1-S3, 18.2R2"
"affected" : "<",
"platform" : "QFX and PTX Series",
"version_name" : "18.2",
"version_value" : "18.2R1-S3, 18.2R2"
},
{
"affected": "<",
"platform": "QFX and PTX Series",
"version_name": "17.2X75",
"version_value": "17.2X75-D91, 17.2X75-D100"
"affected" : "<",
"platform" : "QFX and PTX Series",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D91, 17.2X75-D100"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "This issue only occurs when J-Flow is configured and learning next-hop addresses feature that is used to generate the true outgoing interface (OIF) statistic is enabled:\n [services flow-monitoring (version-ipfix | version9) template <template-name> nexthop-learning]"
"lang" : "eng",
"value" : "This issue only occurs when J-Flow is configured and learning next-hop addresses feature that is used to generate the true outgoing interface (OIF) statistic is enabled:\n [services flow-monitoring (version-ipfix | version9) template <template-name> nexthop-learning]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down.\nBy continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS).\n\nThis issue affects both IPv4 and IPv6 packet processing.\nAffected releases are Juniper Networks Junos OS on QFX and PTX Series:\n17.4 versions prior to 17.4R2-S1, 17.4R3;\n18.1 versions prior to 18.1R3-S1;\n18.2 versions prior to 18.2R1-S3, 18.2R2;\n17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100."
"lang" : "eng",
"value" : "On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R1-S3, 18.2R2; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "DoS"
"lang" : "eng",
"value" : "DoS"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10914",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10914"
"name" : "https://kb.juniper.net/JSA10914",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10914"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.2X75-D91, 17.2X75-D100, 17.4R2-S1, 17.4R3, 18.1R3-S1, 18.2R1-S3, 18.2R2, 18.2X75-D5, 18.3R1, and all subsequent releases."
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 17.2X75-D91, 17.2X75-D100, 17.4R2-S1, 17.4R3, 18.1R3-S1, 18.2R1-S3, 18.2R2, 18.2X75-D5, 18.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10914",
"defect": [
"source" : {
"advisory" : "JSA10914",
"defect" : [
"1348417"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Disable the functionality of learning of next-hop addresses:\n # set services flow-monitoring (version-ipfix | version9) template <template-name> nexthop-learning disable \n"
"lang" : "eng",
"value" : "Disable the functionality of learning of next-hop addresses:\n # set services flow-monitoring (version-ipfix | version9) template <template-name> nexthop-learning disable \n"
}
]
}
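Review bot: The `version_value` strings in this record's `version_data` each pack two releases into one field under `"affected" : "<"`, and the 17.4 entry also has a leading space (`" 17.4R2-S1, 17.4R3"`). A consumer that compares versions mechanically cannot evaluate such a value, so affected QFX/PTX devices could be reported as unaffected. The sync only normalises key spacing and flattens the description's newlines, so these values pass through unchanged. At minimum the stray space should go, `"version_value" : "17.4R2-S1, 17.4R3"`, and the producer should decide how to express several fixed releases per train as single comparable values. The 18.1 entry lists 18.1R4 while the description names only 18.1R3-S1, which is worth confirming against JSA10914.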


@ -1,145 +1,145 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0015",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0015",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos OS",
"version": {
"version_data": [
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D75"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D75"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D150"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D150"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "17.3",
"version_value": "17.3R3"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "17.3",
"version_value" : "17.3R3"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "17.4",
"version_value": "17.4R2"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "17.4",
"version_value" : "17.4R2"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "18.1",
"version_value": "18.1R3"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "18.1",
"version_value" : "18.1R3"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "18.2",
"version_value": "18.2R2"
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "18.2",
"version_value" : "18.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "Sample configuration:\n\n user@host# show security dynamic-vpn\n access-profile dyn-vpn-access-profile;\n clients {\n \tgrp {\n \t\tuser {\n \t\t\tclient1;\n \t\t}\n \t}\n }\n"
"lang" : "eng",
"value" : "Sample configuration:\n\n user@host# show security dynamic-vpn\n access-profile dyn-vpn-access-profile;\n clients {\n \tgrp {\n \t\tuser {\n \t\t\tclient1;\n \t\t}\n \t}\n }\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token.\n\nAffected releases are Junos OS on SRX Series:\n12.3X48 versions prior to 12.3X48-D75;\n15.1X49 versions prior to 15.1X49-D150;\n17.3 versions prior to 17.3R3;\n17.4 versions prior to 17.4R2;\n18.1 versions prior to 18.1R3;\n18.2 versions prior to 18.2R2.\n"
"lang" : "eng",
"value" : "A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Unauthorized access"
"lang" : "eng",
"value" : "Unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10915",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10915"
"name" : "https://kb.juniper.net/JSA10915",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10915"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.3X48-D75, 15.1X49-D150, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.\n"
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 12.3X48-D75, 15.1X49-D150, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10915",
"defect": [
"source" : {
"advisory" : "JSA10915",
"defect" : [
"1360111",
"1350867"
],
"discovery": "USER"
"discovery" : "USER"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
"lang" : "eng",
"value" : "There are no viable workarounds for this issue."
}
]
}


@ -1,100 +1,100 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0016",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Authenticated user able to delete devices without delete device privileges"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0016",
"STATE" : "PUBLIC",
"TITLE" : "Junos Space: Authenticated user able to delete devices without delete device privileges"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos Space",
"version": {
"version_data": [
"product_name" : "Junos Space",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "18.3R1"
"affected" : "<",
"version_value" : "18.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user.\n\nAffected releases are Juniper Networks Junos Space versions prior to 18.3R1."
"lang" : "eng",
"value" : "A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Improper Access Control"
"lang" : "eng",
"value" : "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10917",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10917"
"name" : "https://kb.juniper.net/JSA10917",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10917"
}
]
},
"source": {
"advisory": "JSA10917",
"defect": [
"source" : {
"advisory" : "JSA10917",
"defect" : [
"1351713"
],
"discovery": "EXTERNAL"
"discovery" : "EXTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to the device's management interface only from trusted hosts and administrators."
"lang" : "eng",
"value" : "Use access lists or firewall filters to limit access to the device's management interface only from trusted hosts and administrators."
}
]
}


@ -1,100 +1,100 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0017",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Unrestricted file upload vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0017",
"STATE" : "PUBLIC",
"TITLE" : "Junos Space: Unrestricted file upload vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Junos Space",
"version": {
"version_data": [
"product_name" : "Junos Space",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "18.3R1"
"affected" : "<",
"version_value" : "18.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types.\nAffected releases are Juniper Networks Junos Space versions prior to 18.3R1."
"lang" : "eng",
"value" : "The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type"
"lang" : "eng",
"value" : "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10917",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10917"
"name" : "https://kb.juniper.net/JSA10917",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10917"
}
]
},
"source": {
"advisory": "JSA10917",
"defect": [
"source" : {
"advisory" : "JSA10917",
"defect" : [
"1355724"
],
"discovery": "EXTERNAL"
"discovery" : "EXTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to the device's management interface only from trusted hosts and administrators."
"lang" : "eng",
"value" : "Use access lists or firewall filters to limit access to the device's management interface only from trusted hosts and administrators."
}
]
}


@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0018",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0018",
"STATE" : "PUBLIC",
"TITLE" : "Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. \nThis issue affects Juniper ATP 5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "XSS"
"lang" : "eng",
"value" : "XSS"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365584"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
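Review bot: The `version_name` in this record is `"5"`, while the description in the same record says "Juniper ATP 5.0 versions prior to 5.0.3" and the neighbouring Juniper ATP records in this commit (CVE-2019-0020, CVE-2019-0021) use `"5.0"`. Tooling that groups or matches on `version_name` would treat these as different release trains for the same product. Using `"version_name" : "5.0"` here would make the record agree with its own description and with its siblings.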


@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0020",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Hard coded credentials used in Web Collector"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0020",
"STATE" : "PUBLIC",
"TITLE" : "Juniper ATP: Hard coded credentials used in Web Collector"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.0",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5.0",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": " Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software.\nAffected releases are Juniper Networks Juniper ATP:\n5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 10,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
"lang" : "eng",
"value" : "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365592"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}


@ -1,101 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0021",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: secret CLI inputs are logged to /var/log/syslog in clear text"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0021",
"STATE" : "PUBLIC",
"TITLE" : "Juniper ATP: secret CLI inputs are logged to /var/log/syslog in clear text"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.0",
"version_value": "5.0.4"
"affected" : "<",
"version_name" : "5.0",
"version_value" : "5.0.4"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "On Juniper ATP, secret passphrase CLI inputs, such as \"set mcm\", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information.\nThis issue affects Juniper ATP 5.0 versions prior to 5.0.4."
"lang" : "eng",
"value" : "On Juniper ATP, secret passphrase CLI inputs, such as \"set mcm\", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 7.1,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-532 - Information Exposure Through Log Files"
"lang" : "eng",
"value" : "CWE-532 - Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.4 and all subsequent releases.\nIt is also recommended to purge the affected log files and/or change the passphrase after the upgrade."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.4 and all subsequent releases.\nIt is also recommended to purge the affected log files and/or change the passphrase after the upgrade."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365676"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}


@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0022",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Two hard coded credentials sharing the same password give an attacker the ability to take control of any installation of the software."
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0022",
"STATE" : "PUBLIC",
"TITLE" : "Juniper ATP: Two hard coded credentials sharing the same password give an attacker the ability to take control of any installation of the software."
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.0",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5.0",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": " Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software.\n\nAffected releases are Juniper Networks Juniper ATP:\n5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 10,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
"lang" : "eng",
"value" : "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365592"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}


@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0023",
"STATE": "PUBLIC",
"TITLE": " Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0023",
"STATE" : "PUBLIC",
"TITLE" : " Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.0",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5.0",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. \nThis issue affects Juniper ATP 5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "XSS"
"lang" : "eng",
"value" : "XSS"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365614"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
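Review bot: The `problemtype` value on the new side of this record is the bare string `"XSS"` with no CWE identifier, while the CVE-2019-0022 record in this same commit uses a CWE-prefixed value (`"CWE-798: Use of Hard-coded Credentials"`). Consumers that map problem types to CWE ids for triage, filtering or metrics will likely leave this record unclassified. I would write `"value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`. The CVE-2019-0024, CVE-2019-0025, CVE-2019-0026 and CVE-2019-0027 sections carry the same `"XSS"` value.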


@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0024",
"STATE": "PUBLIC",
"TITLE": " Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Email Collectors menu"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0024",
"STATE" : "PUBLIC",
"TITLE" : " Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Email Collectors menu"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.0",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5.0",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. \nThis issue affects Juniper ATP 5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "XSS"
"lang" : "eng",
"value" : "XSS"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365606"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}


@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0025",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in RADIUS configuration menu"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0025",
"STATE" : "PUBLIC",
"TITLE" : "Juniper ATP: Persistent Cross-Site Scripting vulnerability in RADIUS configuration menu"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. \nThis issue affects Juniper ATP 5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "XSS"
"lang" : "eng",
"value" : "XSS"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365609"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
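Review bot: `version_name` is `"5"` on the new side of this record, while its own description says "Juniper ATP 5.0 versions prior to 5.0.3" and the CVE-2019-0022, CVE-2019-0023 and CVE-2019-0024 records use `"5.0"` for the same product and fix version. Tooling that matches affected releases on the exact `version_name` string may treat these as different release trains and miss or mis-group the record. I would change the line to `"version_name" : "5.0",`. The CVE-2019-0026 and CVE-2019-0027 sections carry the same `"5"` value.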


@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0026",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in Zone configuration"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0026",
"STATE" : "PUBLIC",
"TITLE" : "Juniper ATP: Persistent Cross-Site Scripting vulnerability in Zone configuration"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. \nThis issue affects Juniper ATP 5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "XSS"
"lang" : "eng",
"value" : "XSS"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365617"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}


@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0027",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in Snort Rules configuration"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0027",
"STATE" : "PUBLIC",
"TITLE" : "Juniper ATP: Persistent Cross-Site Scripting vulnerability in Snort Rules configuration"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. \nThis issue affects Juniper ATP 5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "XSS"
"lang" : "eng",
"value" : "XSS"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365605"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}


@ -1,101 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0029",
"STATE": "PUBLIC",
"TITLE": " Juniper ATP: Splunk credentials are in logged in clear text"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0029",
"STATE" : "PUBLIC",
"TITLE" : " Juniper ATP: Splunk credentials are in logged in clear text"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.0",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5.0",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users.\nUsing these credentials an attacker can access the Splunk server.\nThis issue affects Juniper ATP 5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE - 256 : Plaintext Storage of a Password\n"
"lang" : "eng",
"value" : "CWE - 256 : Plaintext Storage of a Password\n"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is suggested to change the Splunk credentials after the upgrade to the fixed version."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is suggested to change the Splunk credentials after the upgrade to the fixed version."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365601"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}
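Review bot: The `problemtype` value `"CWE - 256 : Plaintext Storage of a Password\n"` keeps its trailing newline and has spaces inside the identifier, even though this sync flattened the newlines in the description of the same record. A consumer that extracts ids in the usual `CWE-256` form will probably not match it, so I would write `"value" : "CWE-256: Plaintext Storage of a Password"`. Because the description says the credentials are written to a log file, CWE-532 (used by the log-exposure record earlier on this page) may be the closer classification, though that is the assigner's call. The `TITLE` also keeps a leading space and reads "are in logged in clear text"; `"TITLE" : "Juniper ATP: Splunk credentials are logged in clear text"` would fix both.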


@ -1,108 +1,108 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0030",
"STATE": "PUBLIC",
"TITLE": "Juniper ATP: Password hashing uses DES and a hardcoded salt"
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0030",
"STATE" : "PUBLIC",
"TITLE" : "Juniper ATP: Password hashing uses DES and a hardcoded salt"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Juniper ATP",
"version": {
"version_data": [
"product_name" : "Juniper ATP",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.0",
"version_value": "5.0.3"
"affected" : "<",
"version_name" : "5.0",
"version_value" : "5.0.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents.\nThis issue affects Juniper ATP 5.0 versions prior to 5.0.3."
"lang" : "eng",
"value" : "Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 6.7,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm\nCWE-664 - Improper Control of a Resource Through its Lifetime"
"lang" : "eng",
"value" : "CWE-327: Use of a Broken or Risky Cryptographic Algorithm\nCWE-664 - Improper Control of a Resource Through its Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.juniper.net/JSA10918",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10918"
"name" : "https://kb.juniper.net/JSA10918",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10918"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is suggested to change any credentials after the upgrade to the fixed version."
"lang" : "eng",
"value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is suggested to change any credentials after the upgrade to the fixed version."
}
],
"source": {
"advisory": "JSA10918",
"defect": [
"source" : {
"advisory" : "JSA10918",
"defect" : [
"1365976",
"1365987"
],
"discovery": "INTERNAL"
"discovery" : "INTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
"lang" : "eng",
"value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk."
}
]
}