CVE-2019-0074
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.0%
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series with NG-RE and vmhost: 15.1F versions prior to 15.1F6-S12 16.1 versions starting from 16.1R6 and later releases, including the Service Releases, prior to 16.1R6-S6, 16.1R7-S3; 17.1 versions prior to 17.1R3; 17.2 versions starting from 17.2R1-S3, 17.2R3 and later releases, including the Service Releases, prior to 17.2R3-S1; 17.3 versions starting from 17.3R1-S1, 17.3R2 and later releases, including the Service Releases, prior to 17.3R3-S3; 17.4 versions starting from 17.4R1 and later releases, including the Service Releases, prior to 17.4R1-S6, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2; 18.4 versions prior to 18.4R1-S1, 18.4R2. This issue does not affect: Juniper Networks Junos OS 15.1 and 16.2.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| juniper:junos | juniper junos | eq | 15.1 |
CNA Affected
[
{
"platforms": [
"NFX150, QFX10K, EX9200, MX, and PTX Series with NG-RE"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "15.1"
},
{
"status": "unaffected",
"version": "16.2 16.2"
},
{
"lessThan": "15.1F6-S12",
"status": "affected",
"version": "15.1F",
"versionType": "custom"
},
{
"changes": [
{
"at": "16.1R6-S6, 16.1R7-S3",
"status": "unaffected"
}
],
"lessThan": "16.1*",
"status": "affected",
"version": "16.1R6",
"versionType": "custom"
},
{
"lessThan": "17.1R3",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "17.2R3-S1",
"status": "unaffected"
}
],
"lessThan": "17.2*",
"status": "affected",
"version": "17.2R1-S3, 17.2R3",
"versionType": "custom"
},
{
"changes": [
{
"at": "17.3R3-S3",
"status": "unaffected"
}
],
"lessThan": "17.3*",
"status": "affected",
"version": "17.3R1-S1, 17.3R2",
"versionType": "custom"
},
{
"changes": [
{
"at": "17.4R1-S6, 17.4R2-S2, 17.4R3",
"status": "unaffected"
}
],
"lessThan": "17.4*",
"status": "affected",
"version": "17.4R1",
"versionType": "custom"
},
{
"lessThan": "18.1R2-S4, 18.1R3-S3",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.2X75-D40",
"status": "affected",
"version": "18.2X75",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S2, 18.3R2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S1, 18.4R2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
}
]
}
]References
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.0%