Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2019-0039
HistoryApr 10, 2019 - 8:29 p.m.

CVE-2019-0039

2019-04-1020:29:00
CWE-307
[email protected]
web.nvd.nist.gov
3

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.003

Percentile

68.7%

JSON

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1.

Affected configurations

Nvd
Node
juniperjunosRange14.1x5314.1x53-d49
OR
juniperjunosRange15.115.1f6-s12
OR
juniperjunosRange15.1x4915.1x49-d160
OR
juniperjunosRange15.1x5315.1x53-d236
OR
juniperjunosRange16.116.1r3-s10
OR
juniperjunosRange16.1x6516.1x65-d49
OR
juniperjunosRange16.216.2r2-s7
OR
juniperjunosRange17.117.1r2-s10
OR
juniperjunosRange17.217.2r1-s8
OR
juniperjunosRange17.317.3r3-s2
OR
juniperjunosRange17.417.4r1-s6
OR
juniperjunosRange18.118.1r2-s4
OR
juniperjunosRange18.218.2r1-s5
OR
juniperjunosRange18.2x7518.2x75-d30
OR
juniperjunosRange18.318.3r1-s1
VendorProductVersionCPE
juniperjunos*cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*

Related

prion 1
cvelist 1
nessus 1
cve 1
prion
prion
Default configuration
2019-04-10 20:29:00
cvelist
cvelist
CVE-2019-0039 Junos OS: Login credentials are vulnerable to brute force attacks through the REST API
2019-04-10 20:13:51
nessus
nessus
Juniper JSA10928
2019-05-21 00:00:00
cve
cve
CVE-2019-0039
2019-04-10 20:29:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.003

Percentile

68.7%

JSON
Related for NVD:CVE-2019-0039
prion1cvelist1nessus1cve1