2019-10 Security Bulletin: NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system. (CVE-2019-0057)

[JSA10955]


Product Affected:
This issue affects Junos OS. Affected platforms: NFX Series.
Problem:
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system.

This issue affects:

Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2019-0057.

Solution:
The following software releases have been updated to resolve this specific issue: 18.2R1, 18.2X75-D5, and all subsequent releases.

This issue is being tracked as PR 1341370 which is visible on the Customer Support website.

Note: Juniper SIRT's policy is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL).

Workaround:
There are no viable workarounds for this issue.
Implementation:
Software releases, patches, and updates are available at https://www.juniper.net/support/downloads/.
Modification History:
2019-10-09: Initial Publication.
CVSS Score:
7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Severity Level:
High
Severity Assessment:
Information on how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."