Lucene search

[email protected]CVE-2019-0035

HistoryApr 10, 2019 - 8:29 p.m.

CVE-2019-0035

2019-04-1020:29:00

CWE-501

CWE-522

[email protected]

web.nvd.nist.gov

cve-2019-0035

root login disallowed

root password change

junos os

administrative bypass

physical access

oam volumes

juniper networks

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

When “set system ports console insecure” is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using “set system root-authentication plain-text-password” on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1.

Affected configurations

NVD

Node

juniperjunosMatch15.1f2

juniperjunosMatch15.1f3

juniperjunosMatch15.1f4

juniperjunosMatch15.1f5

juniperjunosMatch15.1f6

juniperjunosMatch15.1f7

juniperjunosMatch15.1r1

juniperjunosMatch15.1r2

juniperjunosMatch15.1r3

juniperjunosMatch15.1r4

juniperjunosMatch15.1r5

juniperjunosMatch15.1r6

Node

juniperjunosMatch15.1x49d10

juniperjunosMatch15.1x49d100

juniperjunosMatch15.1x49d110

juniperjunosMatch15.1x49d120

juniperjunosMatch15.1x49d130

juniperjunosMatch15.1x49d150

juniperjunosMatch15.1x49d20

juniperjunosMatch15.1x49d30

juniperjunosMatch15.1x49d35

juniperjunosMatch15.1x49d40

juniperjunosMatch15.1x49d45

juniperjunosMatch15.1x49d50

juniperjunosMatch15.1x49d60

juniperjunosMatch15.1x49d65

juniperjunosMatch15.1x49d70

juniperjunosMatch15.1x49d75

juniperjunosMatch15.1x49d80

juniperjunosMatch15.1x49d90

Node

juniperjunosMatch15.1x53d10

juniperjunosMatch15.1x53d20

juniperjunosMatch15.1x53d21

juniperjunosMatch15.1x53d210

juniperjunosMatch15.1x53d230

juniperjunosMatch15.1x53d231

juniperjunosMatch15.1x53d232

juniperjunosMatch15.1x53d233

juniperjunosMatch15.1x53d25

juniperjunosMatch15.1x53d30

juniperjunosMatch15.1x53d32

juniperjunosMatch15.1x53d33

juniperjunosMatch15.1x53d34

juniperjunosMatch15.1x53d40

juniperjunosMatch15.1x53d45

juniperjunosMatch15.1x53d495

juniperjunosMatch15.1x53d56

juniperjunosMatch15.1x53d60

juniperjunosMatch15.1x53d61

juniperjunosMatch15.1x53d62

juniperjunosMatch15.1x53d63

Node

juniperjunosMatch16.1r1

juniperjunosMatch16.1r2

juniperjunosMatch16.1r3

juniperjunosMatch16.1r4

juniperjunosMatch16.1r5

juniperjunosMatch16.1r6

juniperjunosMatch16.1r7

Node

juniperjunosMatch17.3r1

juniperjunosMatch17.3r2

juniperjunosMatch17.3r3

Node

juniperjunosMatch17.2r1

juniperjunosMatch17.2r1-s7

juniperjunosMatch17.2r2

juniperjunosMatch17.2r3

Node

juniperjunosMatch17.4r1

juniperjunosMatch17.4r1-s7

juniperjunosMatch17.4r2

Node

juniperjunosMatch18.1r1

juniperjunosMatch18.1r2

juniperjunosMatch18.1r3-s2

Node

juniperjunosMatch18.2r1

juniperjunosMatch18.2r1-s3

Node

juniperjunosMatch18.3r1

juniperjunosMatch18.3r1-s1

Node

juniperjunosMatch18.2x75

Node

juniperjunosMatch16.1x65d30

juniperjunosMatch16.1x65d35

juniperjunosMatch16.1x65d40

Node

juniperjunosMatch17.1r1

juniperjunosMatch17.1r2

Node

juniperjunosMatch16.2r1

juniperjunosMatch16.2r2

juniperjunosMatch16.2r2-s7

CPENameOperatorVersion
juniper:junosjuniper junoseq15.1

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	15.1

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "15.1F6-S12, 15.1R7-S3",
        "status": "affected",
        "version": "15.1",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1X49-D160",
        "status": "affected",
        "version": "15.1X49",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1X53-D236, 15.1X53-D496, 15.1X53-D68",
        "status": "affected",
        "version": "15.1X53",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1R3-S10, 16.1R6-S6, 16.1R7-S3",
        "status": "affected",
        "version": "16.1",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1X65-D49",
        "status": "affected",
        "version": "16.1X65",
        "versionType": "custom"
      },
      {
        "lessThan": "16.2R2-S8",
        "status": "affected",
        "version": "16.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.1R2-S10, 17.1R3",
        "status": "affected",
        "version": "17.1",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2R1-S8, 17.2R3-S1",
        "status": "affected",
        "version": "17.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R3-S3",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R1-S6, 17.4R2-S2",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R2-S4, 18.1R3-S3",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R2",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2X75-D40",
        "status": "affected",
        "version": "18.2X75",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R1-S2",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1",
        "status": "unaffected",
        "version": "all",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA10924

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

Related for CVE-2019-0035

nessus1 prion2 nvd2 cvelist2 cve1