Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveJuniperCVE-2019-0073
HistoryOct 09, 2019 - 8:15 p.m.

CVE-2019-0073

2019-10-0920:15:18
CWE-732
CWE-281
juniper
web.nvd.nist.gov
33
cve-2019-0073
juniper networks
junos os
pki keys
insecure file permissions
access vulnerability

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7

Confidence

High

EPSS

0

Percentile

12.6%

JSON

The PKI keys exported using the command “run request security pki key-pair export” on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.

Affected configurations

Nvd
Node
juniperjunosMatch15.1x49-
OR
juniperjunosMatch15.1x49d10
OR
juniperjunosMatch15.1x49d100
OR
juniperjunosMatch15.1x49d110
OR
juniperjunosMatch15.1x49d120
OR
juniperjunosMatch15.1x49d130
OR
juniperjunosMatch15.1x49d140
OR
juniperjunosMatch15.1x49d150
OR
juniperjunosMatch15.1x49d160
OR
juniperjunosMatch15.1x49d170
OR
juniperjunosMatch15.1x49d20
OR
juniperjunosMatch15.1x49d30
OR
juniperjunosMatch15.1x49d35
OR
juniperjunosMatch15.1x49d40
OR
juniperjunosMatch15.1x49d45
OR
juniperjunosMatch15.1x49d50
OR
juniperjunosMatch15.1x49d55
OR
juniperjunosMatch15.1x49d60
OR
juniperjunosMatch15.1x49d65
OR
juniperjunosMatch15.1x49d70
OR
juniperjunosMatch15.1x49d75
OR
juniperjunosMatch15.1x49d80
OR
juniperjunosMatch15.1x49d90
Node
juniperjunosMatch17.3-
OR
juniperjunosMatch17.3r1
OR
juniperjunosMatch17.3r2
OR
juniperjunosMatch17.3r2-s1
OR
juniperjunosMatch17.3r2-s2
OR
juniperjunosMatch17.3r3
OR
juniperjunosMatch17.3r3-s1
OR
juniperjunosMatch17.3r3-s2
OR
juniperjunosMatch17.3r3-s3
OR
juniperjunosMatch17.3r3-s4
OR
juniperjunosMatch17.3r3-s5
OR
juniperjunosMatch17.3r3-s6
Node
juniperjunosMatch17.4-
OR
juniperjunosMatch17.4r1
OR
juniperjunosMatch17.4r1-s1
OR
juniperjunosMatch17.4r1-s2
OR
juniperjunosMatch17.4r1-s4
OR
juniperjunosMatch17.4r1-s6
OR
juniperjunosMatch17.4r1-s7
OR
juniperjunosMatch17.4r2
OR
juniperjunosMatch17.4r2-s1
OR
juniperjunosMatch17.4r2-s3
OR
juniperjunosMatch17.4r2-s4
OR
juniperjunosMatch17.4r2-s5
OR
juniperjunosMatch17.4r2-s6
OR
juniperjunosMatch17.4r2-s7
Node
juniperjunosMatch18.1-
OR
juniperjunosMatch18.1r2
OR
juniperjunosMatch18.1r2-s1
OR
juniperjunosMatch18.1r2-s2
OR
juniperjunosMatch18.1r2-s4
OR
juniperjunosMatch18.1r3
OR
juniperjunosMatch18.1r3-s2
OR
juniperjunosMatch18.1r3-s3
OR
juniperjunosMatch18.1r3-s4
OR
juniperjunosMatch18.1r3-s5
OR
juniperjunosMatch18.1r3-s6
OR
juniperjunosMatch18.1r3-s7
Node
juniperjunosMatch18.2-
OR
juniperjunosMatch18.2r1-s5
OR
juniperjunosMatch18.2r2
OR
juniperjunosMatch18.2r2-s1
OR
juniperjunosMatch18.2r2-s2
OR
juniperjunosMatch18.2r2-s3
OR
juniperjunosMatch18.2r2-s4
Node
juniperjunosMatch18.3-
OR
juniperjunosMatch18.3r1
OR
juniperjunosMatch18.3r1-s1
OR
juniperjunosMatch18.3r1-s2
OR
juniperjunosMatch18.3r1-s3
Node
juniperjunosMatch18.4-
OR
juniperjunosMatch18.4r1
OR
juniperjunosMatch18.4r1-s2
VendorProductVersionCPE
juniperjunos15.1x49cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:*
juniperjunos15.1x49cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*
juniperjunos15.1x49cpe:2.3:o:juniper:junos:15.1x49:d100:*:*:*:*:*:*
juniperjunos15.1x49cpe:2.3:o:juniper:junos:15.1x49:d110:*:*:*:*:*:*
juniperjunos15.1x49cpe:2.3:o:juniper:junos:15.1x49:d120:*:*:*:*:*:*
juniperjunos15.1x49cpe:2.3:o:juniper:junos:15.1x49:d130:*:*:*:*:*:*
juniperjunos15.1x49cpe:2.3:o:juniper:junos:15.1x49:d140:*:*:*:*:*:*
juniperjunos15.1x49cpe:2.3:o:juniper:junos:15.1x49:d150:*:*:*:*:*:*
juniperjunos15.1x49cpe:2.3:o:juniper:junos:15.1x49:d160:*:*:*:*:*:*
juniperjunos15.1x49cpe:2.3:o:juniper:junos:15.1x49:d170:*:*:*:*:*:*
Rows per page:
1-10 of 761

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "15.1X49-D180",
        "status": "affected",
        "version": "15.1X49",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S7",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R2-S8, 17.4R3",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S8",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R3",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R2",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R2",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
symantec 1
nessus 2
prion 1
cvelist 1
nvd
nvd
CVE-2019-0073
2019-10-09 20:15:18
symantec
symantec
Juniper Junos CVE-2019-0073 Local Insecure File Permissions Vulnerability
2019-10-09 00:00:00
nessus
nessus
Junos OS: Insecure PKI key pair export file permissions (JSA10974)
2019-11-05 00:00:00
Juniper JSA10970
2020-01-29 00:00:00
prion
prion
Design/Logic Flaw
2019-10-09 20:15:00
cvelist
cvelist
CVE-2019-0073 Junos OS: PKI key pairs are exported with insecure file permissions
2019-10-09 19:26:18

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7

Confidence

High

EPSS

0

Percentile

12.6%

JSON
Related for CVE-2019-0073
nvd1symantec1nessus2prion1cvelist1