CVE-2019-0039

🗓️ 10 Apr 2019 20:13:51Reported by juniperType

If REST API is enabled, Junos OS login credentials vulnerable to brute force attacks. High default connection limit may allow attackers to brute-force passwords

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2019-0039 Junos OS: Login credentials are vulnerable to brute force attacks through the REST API	10 Apr 201920:13	–	cvelist
EUVD	EUVD-2019-0846	7 Oct 202500:30	–	euvd
Tenable Nessus	Juniper JSA10928	21 May 201900:00	–	nessus
NVD	CVE-2019-0039	10 Apr 201920:29	–	nvd
Prion	Default configuration	10 Apr 201920:29	–	prion
Positive Technologies	PT-2019-2085 · Juniper Networks · Junos	10 Apr 201900:00	–	ptsecurity

NVD

Vulners

Node

juniper junosRange14.1x53–14.1x53-d49

juniper junosRange15.1–15.1f6-s12

juniper junosRange15.1x49–15.1x49-d160

juniper junosRange15.1x53–15.1x53-d236

juniper junosRange16.1–16.1r3-s10

juniper junosRange16.1x65–16.1x65-d49

juniper junosRange16.2–16.2r2-s7

juniper junosRange17.1–17.1r2-s10

juniper junosRange17.2–17.2r1-s8

juniper junosRange17.3–17.3r3-s2

juniper junosRange17.4–17.4r1-s6

juniper junosRange18.1–18.1r2-s4

juniper junosRange18.2–18.2r1-s5

juniper junosRange18.2x75–18.2x75-d30

juniper junosRange18.3–18.3r1-s1

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "14.1X53-D49",
        "status": "affected",
        "version": "14.1X53",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1F6-S12, 15.1R7-S3",
        "status": "affected",
        "version": "15.1",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1X49-D160",
        "status": "affected",
        "version": "15.1X49",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69",
        "status": "affected",
        "version": "15.1X53",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3",
        "status": "affected",
        "version": "16.1",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1X65-D49",
        "status": "affected",
        "version": "16.1X65",
        "versionType": "custom"
      },
      {
        "lessThan": "16.2R2-S7",
        "status": "affected",
        "version": "16.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.1R2-S10, 17.1R3",
        "status": "affected",
        "version": "17.1",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2R1-S8, 17.2R3-S1",
        "status": "affected",
        "version": "17.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S2",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R1-S6, 17.4R2-S2",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R2-S4, 18.1R3-S1",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R1-S5",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2X75-D30",
        "status": "affected",
        "version": "18.2X75",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R1-S1",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/107899
kb	www.kb.juniper.net/JSA10928

21 Nov 2024 04:16Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24.3

CVSS 3.18.1

CVSS 35.3

EPSS0.00288

CWE-307