Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2019-0039

CVE information

Published

3 years ago

Last Modified

1 year ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

High

Impact Analysis

Description

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1..

CVSSv2.0 Score

Severity
Medium
Base Score
4.3/10
Exploit Score
8.6/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
None
Impact Score
2.9/10
Confidentiality Impact
Partial
Availability Impact
None
Integrity Impact
None

CVSSv3.1 Score

Severity
High
Base Score
8.1/10
Exploit Score
2.2/10
Access Vector
Network
Access Complexity
High
Privileges Required
None
Impact Score
5.9/10
Confidentiality Impact
High
Availability Impact
High
Integrity Impact
High
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:18.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
18.2x75 18.2x75-d30
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
17.3 17.3r3-s2
cpe:2.3:o:juniper:junos:17.2r3-s1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
18.2 18.2r1-s5
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
18.1 18.1r2-s4
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
14.1x53 14.1x53-d49
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
16.1 16.1r3-s10
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
17.2 17.2r1-s8
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
18.3 18.3r1-s1
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
15.1x49 15.1x49-d160
cpe:2.3:o:juniper:junos:15.1x53-d69:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
16.1x65 16.1x65-d49
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
16.2 16.2r2-s7
cpe:2.3:o:juniper:junos:15.1r7-s3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
15.1 15.1f6-s12
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
17.4 17.4r1-s6
cpe:2.3:o:juniper:junos:15.1x53-d495:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:15.1x53-d591:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
15.1x53 15.1x53-d236
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  Yes
17.1 17.1r2-s10