
2019-01 Security Bulletin: Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot (CVE-2019-0015)

  [JSA10915]


Product Affected:
This issue affects Junos OS 12.3X48, 15.1X49, 17.3, 17.4, 18.1, 18.2. Affected platforms: SRX Series.
Problem:

A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN user should immediately be prevented from establishing new VPN connections. Due to an error in token caching, a user who is deleted after a previously successful dynamic VPN connection is still allowed to connect, because the cached authentication token is reused. A reboot is required to clear the cached authentication token.
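The flaw class described above, modelled as an added example (this is hypothetical Python, not Junos code and not from the advisory): a gateway that checks the configured user list only at first login and then trusts a cached token. In the vulnerable variant, deleting the user leaves the token valid until the cache is flushed, which on the real device only a reboot does. The hardened variant purges the user's tokens at deletion time and re-checks the user list on every connection. Class and function names are assumed.

```python
"""Toy model of a stale authentication-token cache after user deletion.

Hypothetical model written to illustrate the advisory's flaw class; it is not
Junos code and makes no claim about how the SRX implements token caching.
"""
import secrets


class DynamicVpnGateway:
    def __init__(self, users, hardened):
        self.users = set(users)      # users under "security dynamic-vpn clients"
        self.token_cache = {}        # token -> username, kept until flushed
        self.hardened = hardened

    def first_login(self, username):
        """Initial authentication: consult the user list and cache a token."""
        if username not in self.users:
            return None
        token = secrets.token_hex(16)
        self.token_cache[token] = username
        return token

    def connect(self, token):
        """Subsequent connection attempts present only the cached token."""
        username = self.token_cache.get(token)
        if username is None:
            return False
        if self.hardened and username not in self.users:
            # Defence in depth: a cached token never outranks the user list.
            del self.token_cache[token]
            return False
        return True  # vulnerable path: the user list is never re-checked

    def delete_user(self, username):
        self.users.discard(username)
        if self.hardened:
            # Purge every token issued to the deleted user at deletion time.
            stale = [t for t, u in self.token_cache.items() if u == username]
            for t in stale:
                del self.token_cache[t]

    def reboot(self):
        """The only remedy on affected releases: the cache does not survive."""
        self.token_cache.clear()


def scenario(hardened):
    """Return (connects before deletion, after deletion, after reboot)."""
    gw = DynamicVpnGateway(users=["client1"], hardened=hardened)
    token = gw.first_login("client1")
    before = gw.connect(token)
    gw.delete_user("client1")
    after_delete = gw.connect(token)
    gw.reboot()
    after_reboot = gw.connect(token)
    return before, after_delete, after_reboot


if __name__ == "__main__":
    print("vulnerable:", scenario(hardened=False))  # (True, True, False)
    print("hardened:  ", scenario(hardened=True))   # (True, False, False)
```

The middle value of each tuple is the one the advisory is about: with the vulnerable cache the deleted user keeps connecting until the reboot clears the token, while the hardened gateway rejects the token as soon as the user is removed. The design point is that deprovisioning must invalidate derived credentials (cached tokens, sessions) at the same time as the principal, not leave them to expire with a restart.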

Affected releases are Junos OS on SRX Series:

  • 12.3X48 versions prior to 12.3X48-D75;
  • 15.1X49 versions prior to 15.1X49-D150;
  • 17.3 versions prior to 17.3R3;
  • 17.4 versions prior to 17.4R2;
  • 18.1 versions prior to 18.1R3;
  • 18.2 versions prior to 18.2R2.
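An added example for checking a device against the affected ranges above (this is my own helper, not a Juniper tool): it parses a Junos version string into its release train and an ordering key, and reports whether the version precedes the fixed release for that train. The version grammar (`<major>.<minor>[X<n>][-D<n>][R<n>][-S<n>][.<build>]`) and the two `show version` line shapes matched by `version_from_show_version` are assumptions about the CLI, not taken from the advisory; the sample output is constructed.

```python
"""Check a Junos version string against the ranges listed in this advisory.

Added helper; the version grammar and the 'show version' line formats below
are assumptions about the Junos CLI, not facts stated in the advisory.
"""
import re

# Fixed release per affected train, exactly as listed in the advisory.
FIXED_BY_TRAIN = {
    "12.3X48": "12.3X48-D75",
    "15.1X49": "15.1X49-D150",
    "17.3": "17.3R3",
    "17.4": "17.4R2",
    "18.1": "18.1R3",
    "18.2": "18.2R2",
}

_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"   # release train, e.g. 17.3
    r"(?:X(?P<x>\d+))?"                  # X branch used by SRX trains, e.g. X48
    r"(?:-D(?P<d>\d+))?"                 # D release on X trains
    r"(?:R(?P<r>\d+))?"                  # R release on mainline trains
    r"(?:-S(?P<s>\d+))?"                 # service release
    r"(?:\.(?P<build>\d+))?$"            # build number, ignored for ordering
)


def parse_version(version):
    """Split a Junos version into (train, ordering key within that train)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    g = m.groupdict()
    train = f"{g['major']}.{g['minor']}" + (f"X{g['x']}" if g["x"] else "")
    # X trains order by D number; mainline trains by R, then S. A service
    # release of an older R (17.3R2-S4) still sorts before 17.3R3, matching
    # the advisory's "prior to 17.3R3".
    key = (int(g["d"] or 0), int(g["r"] or 0), int(g["s"] or 0))
    return train, key


def is_affected(version):
    """True when the train is listed and the version precedes its fix."""
    train, key = parse_version(version)
    fixed = FIXED_BY_TRAIN.get(train)
    if fixed is None:
        return False  # train not named in the advisory
    return key < parse_version(fixed)[1]


def version_from_show_version(text):
    """Pull the release out of 'show version' output (assumed line shapes)."""
    m = (re.search(r"^Junos: (\S+)", text, re.MULTILINE)
         or re.search(r"Software Release \[([^\]]+)\]", text))
    if not m:
        raise ValueError("no Junos release line found")
    return m.group(1)


# Constructed sample output; not captured from a real device.
SAMPLE_SHOW_VERSION = """\
Hostname: srx-edge1
Model: srx340
Junos: 17.3R2-S4
"""

if __name__ == "__main__":
    ver = version_from_show_version(SAMPLE_SHOW_VERSION)
    print(ver, "affected" if is_affected(ver) else "not affected")
```

Trains the advisory does not name (16.1, 18.3 and later) report not affected; a version on a listed train at or above the fixed release also reports not affected. Because there is no workaround, the check's only useful output is a list of devices that still need the upgrade.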


Sample configuration:

user@host# show security dynamic-vpn
access-profile dyn-vpn-access-profile;
clients {
  grp {
      user {
          client1;
      }
  }
}

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2019-0015.
 

Solution:

The following software releases have been updated to resolve this specific issue: Junos OS 12.3X48-D75, 15.1X49-D150, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and all subsequent releases.

This issue is being tracked as PRs 1360111 and 1350867, which are visible on the Customer Support website.

Note: Juniper SIRT's policy is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL).
 

Workaround:
There are no viable workarounds for this issue.
 
Implementation:
Software Releases, patches and updates are available at https://www.juniper.net/support/downloads/.
 
Modification History:
2019-01-09: Initial publication

CVSS Score:
5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Risk Level:
Medium
Risk Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."