CVE-2019-0020

Published: Jan 15, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.

Affected (1)

Products: Juniper: Advanced Threat Prevention

1 product

Advanced Threat Prevention

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Juniper Advanced Threat Prevention	From 5.0.0 to 5.0.3

Running on/with	Platform Versions
Juniper Atp400	All versions
Juniper Atp700	All versions

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://kb.juniper.net/JSA10918

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA10918

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.