JuniperCVELIST:CVE-2019-0073CVE-2019-0073 Junos OS: PKI key pairs are exported with insecure file permissions
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
12.6%
The PKI keys exported using the command “run request security pki key-pair export” on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.
CNA Affected
[
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1X49-D180",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S7",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S8, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S8",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
}
]
}
]References
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
12.6%