admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2019/0xxx/CVE-2019-0015.json
CVE Team 83a9ae8bbb
- Synchronized data.
2019-01-23 06:04:03 -05:00

151 lines
5.5 KiB
JSON
Raw Blame History

{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2019-01-09T17:00:00.000Z",
"ID" : "CVE-2019-0015",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D75"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D150"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "17.3",
"version_value" : "17.3R3"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "17.4",
"version_value" : "17.4R2"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "18.1",
"version_value" : "18.1R3"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "18.2",
"version_value" : "18.2R2"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration" : [
{
"lang" : "eng",
"value" : "Sample configuration:\n\n user@host# show security dynamic-vpn\n access-profile dyn-vpn-access-profile;\n clients {\n \tgrp {\n \t\tuser {\n \t\t\tclient1;\n \t\t}\n \t}\n }\n"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthorized access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10915",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10915"
},
{
"name" : "106668",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106668"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos OS 12.3X48-D75, 15.1X49-D150, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.\n"
}
],
"source" : {
"advisory" : "JSA10915",
"defect" : [
"1360111",
"1350867"
],
"discovery" : "USER"
},
"work_around" : [
{
"lang" : "eng",
"value" : "There are no viable workarounds for this issue."
}
]
}
Reference in New Issue View Git Blame Copy Permalink