CVE-2019-0074 Junos OS: NFX150 Series, QFX10K Series, EX9200 Series, MX Series, PTX Series: Path traversal vulnerability in NFX150 and NG-RE leads to information disclosure.

🗓️ 09 Oct 2019 19:26:18Reported by juniperType

Path traversal vulnerability in NFX150 and NG-RE leads to information disclosure on Junos OS device

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of Junos OS routers from the NFX150, EX9200 series, with NG-RE, MX with NG-RE, PTX with NG-RE, and QFX10K with NG-RE families, arises due to incorrect restrictions on path names to restricted access directories. This allows attackers to gain unauthorized access to protected information.	22 Dec 201900:00	–	bdu_fstec
CVE	CVE-2019-0074	9 Oct 201919:26	–	cve
EUVD	EUVD-2019-0881	7 Oct 202500:30	–	euvd
Tenable Nessus	Juniper JSA10975	28 Oct 201900:00	–	nessus
NVD	CVE-2019-0074	9 Oct 201920:15	–	nvd
OSV	CVE-2019-0074	9 Oct 201920:15	–	osv
Prion	Path traversal	9 Oct 201920:15	–	prion
Symantec	Juniper Junos CVE-2019-0074 Local Directory Traversal Vulnerability	9 Oct 201900:00	–	symantec

[
  {
    "platforms": [
      "NFX150, QFX10K, EX9200, MX, and PTX Series with NG-RE"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "15.1"
      },
      {
        "status": "unaffected",
        "version": "16.2  16.2"
      },
      {
        "lessThan": "15.1F6-S12",
        "status": "affected",
        "version": "15.1F",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "16.1R6-S6, 16.1R7-S3",
            "status": "unaffected"
          }
        ],
        "lessThan": "16.1*",
        "status": "affected",
        "version": "16.1R6",
        "versionType": "custom"
      },
      {
        "lessThan": "17.1R3",
        "status": "affected",
        "version": "17.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "17.2R3-S1",
            "status": "unaffected"
          }
        ],
        "lessThan": "17.2*",
        "status": "affected",
        "version": "17.2R1-S3, 17.2R3",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "17.3R3-S3",
            "status": "unaffected"
          }
        ],
        "lessThan": "17.3*",
        "status": "affected",
        "version": "17.3R1-S1, 17.3R2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "17.4R1-S6, 17.4R2-S2, 17.4R3",
            "status": "unaffected"
          }
        ],
        "lessThan": "17.4*",
        "status": "affected",
        "version": "17.4R1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R2-S4, 18.1R3-S3",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R2",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2X75-D40",
        "status": "affected",
        "version": "18.2X75",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R1-S2, 18.3R2",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R1-S1, 18.4R2",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kb	www.kb.juniper.net/JSA10975

09 Oct 2019 19:26Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.15.5

EPSS0.00041