CyberSec.Space Logo
Back to CVE Browser

CVE-2019-0039

HIGH
8.1
CVSS Severity Score
EPSS Score0.1380%
EPSS Percentile18.95th
PublishedApr 10, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1.

Affected Platforms (CPE)

πŸ’»
Juniper

Junos

>= 14.1x53 and < 14.1x53-d49
πŸ’»
Juniper

Junos

>= 15.1 and < 15.1f6-s12
πŸ’»
Juniper

Junos

>= 15.1x49 and < 15.1x49-d160
πŸ’»
Juniper

Junos

>= 15.1x53 and < 15.1x53-d236
πŸ’»
Juniper

Junos

>= 16.1 and < 16.1r3-s10
πŸ’»
Juniper

Junos

>= 16.1x65 and < 16.1x65-d49
πŸ’»
Juniper

Junos

>= 16.2 and < 16.2r2-s7
πŸ’»
Juniper

Junos

>= 17.1 and < 17.1r2-s10
πŸ’»
Juniper

Junos

>= 17.2 and < 17.2r1-s8
πŸ’»
Juniper

Junos

>= 17.3 and < 17.3r3-s2
πŸ’»
Juniper

Junos

>= 17.4 and < 17.4r1-s6
πŸ’»
Juniper

Junos

>= 18.1 and < 18.1r2-s4
πŸ’»
Juniper

Junos

>= 18.2 and < 18.2r1-s5
πŸ’»
Juniper

Junos

>= 18.2x75 and < 18.2x75-d30
πŸ’»
Juniper

Junos

>= 18.3 and < 18.3r1-s1

References & Advisories

πŸ”— http://www.securityfocus.com/bid/107899
πŸ”— https://kb.juniper.net/JSA10928
πŸ”— http://www.securityfocus.com/bid/107899
πŸ”— https://kb.juniper.net/JSA10928

Related Vulnerabilities

CVE-2021-024810.0

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks ...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-2013-468510.0

Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-...