
2019-01 Security Bulletin: Juniper ATP: Multiple vulnerabilities resolved in 5.0.3 and 5.0.4

  [JSA10918]


Product Affected:
Juniper ATP
Problem:

Multiple vulnerabilities have been resolved in the Juniper ATP 5.0.3 and 5.0.4 releases by fixing vulnerabilities found during internal testing and updating the third-party software packages included with Juniper ATP.

Important security issues resolved include:

| CVE | CVSS | Summary |
|---|---|---|
| CVE-2019-0018 | 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) | A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. |
| CVE-2017-11610 | 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. |
| CVE-2019-0023 | 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) | A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. |
| CVE-2019-0030 | 6.7 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) | Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. |
| CVE-2019-0021 | 7.1 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) | On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing an authenticated local user to view this secret information. |
| CVE-2019-0020 | 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) | Juniper ATP: Hardcoded credentials are used in the Web Collector. |
| CVE-2019-0022 | 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) | Juniper ATP: Two hardcoded credentials sharing the same password give an attacker the ability to take control of any installation of the software. |
| CVE-2019-0025 | 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) | A persistent cross-site scripting (XSS) vulnerability in the RADIUS configuration menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. |
| CVE-2019-0026 | 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) | A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. |
| CVE-2019-0029 | 8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) | On Juniper ATP, the Splunk credentials are logged in a file readable by authenticated local users. Using these credentials, an attacker can access the Splunk server. |
| CVE-2019-0004 | 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) | The API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. |
| CVE-2019-0024 | 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) | A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. |
| CVE-2019-0027 | 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) | A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. |
Solution:
  • CVE-2019-0018, CVE-2019-0023, CVE-2019-0020, CVE-2019-0022, CVE-2019-0025, CVE-2019-0026, CVE-2019-0024, CVE-2019-0027, CVE-2017-11610

    The following software releases have been updated to resolve these specific issues: 5.0.3 and all subsequent releases.

  • CVE-2019-0030

    The following software releases have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.

    It is suggested to change any credentials after the upgrade to the fixed version.

  • CVE-2019-0021

    The following software releases have been updated to resolve this specific issue: 5.0.4 and all subsequent releases.

    It is also recommended to purge the affected log files and/or change the passphrase after the upgrade.

  • CVE-2019-0029

    The following software releases have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.

    It is suggested to change the Splunk credentials after the upgrade to the fixed version.

  • CVE-2019-0004

    The following software releases have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.

    It is also recommended to change the device key after the upgrade.
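
For CVE-2019-0021, one way to find which syslog files, including gzip-rotated copies, hold passphrase-bearing CLI lines before purging them. This is an added example, not Juniper code: the log line layout, file names and sample values are constructed assumptions, and only the "set mcm" command and /var/log/syslog come from the advisory.

```python
import gzip
import re
import tempfile
from pathlib import Path

# Command prefixes whose arguments are secret. "set mcm" is the one the
# advisory names; extend the tuple for other passphrase-taking commands.
SECRET_COMMANDS = ("set mcm",)

# Constructed sample; the real syslog layout on the appliance is an assumption.
SAMPLE_LOG = """\
Jan  9 10:01:58 atp-core sshd[2190]: Accepted password for admin from 192.0.2.10
Jan  9 10:02:11 atp-core cli[2211]: admin ran: set mcm 192.0.2.20 ExamplePassphrase1
Jan  9 10:02:40 atp-core cli[2211]: admin ran: show version
"""

def _pattern(commands):
    alts = "|".join(r"\s+".join(map(re.escape, c.split())) for c in commands)
    return re.compile(rf"\b({alts})\b(.*)$")

def open_log(path):
    """Open a live or gzip-rotated log as text."""
    opener = gzip.open if str(path).endswith(".gz") else open
    return opener(path, "rt", errors="replace")

def scan(paths, commands=SECRET_COMMANDS):
    """Return [(file, line_no, redacted_line)] for lines that log a secret command."""
    pat = _pattern(commands)
    hits = []
    for path in paths:
        with open_log(path) as fh:
            for no, line in enumerate(fh, 1):
                line = line.rstrip("\n")
                if pat.search(line):
                    # Report the location, never the secret itself.
                    hits.append((str(path), no, pat.sub(r"\1 [REDACTED]", line)))
    return hits

def demo():
    """Scan a live file and a gzip-rotated copy built from SAMPLE_LOG."""
    with tempfile.TemporaryDirectory() as d:
        live, rotated = Path(d, "syslog"), Path(d, "syslog.1.gz")
        live.write_text(SAMPLE_LOG)
        with gzip.open(rotated, "wt") as fh:
            fh.write(SAMPLE_LOG)
        return [(Path(f).name, no, text) for f, no, text in scan([live, rotated])]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Any file that appears in the result still contains the passphrase after the upgrade, so it is a candidate for purging, and the passphrase it exposed is a candidate for rotation.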

These issues are being tracked as PR 1365584, 1365614, 1365976, 1365987, 1365676, 1365592, 1365609, 1365617, 1365601, 1365691, 1365606, 1365605, 1365985 and 1366352, which are visible on the Customer Support website.

Workaround:

There are no known workarounds for these issues; however, limiting access to only trusted administrators from trusted administrative networks or hosts would minimize the risk.

Implementation:
Software Releases, patches and updates are available at https://www.juniper.net/support/downloads/.
Modification History:
  • 2019-01-09: Initial Publication.
  • 2019-01-14: Update the CVSS score for CVE-2019-0029.
CVSS Score:
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Severity Level:
Critical
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."