CVE-2019-0069

Published: Oct 9, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. This issue does not affect users that are logging-in using telnet, SSH or J-web to the management IP. This issue affects ACX, NFX, SRX, EX and QFX platforms with the Linux Host OS architecture, it does not affect other SRX and EX platforms that do not use the Linux Host OS architecture. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D110 on vSRX, SRX1500, SRX4000 Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5110, QFX5200 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 17.1 versions prior to 17.1R2-S8, 17.1R3, on QFX5110, QFX5200, QFX10K Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3 on QFX5110, QFX5200, QFX10K Series; 17.3 versions prior to 17.3R2 on vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series; 14.1X53 versions prior to 14.1X53-D47 on ACX5000, EX4600, QFX5100 Series; 15.1 versions prior to 15.1R7 on ACX5000, EX4600, QFX5100 Series; 16.1R7 versions prior to 16.1R7 on ACX5000, EX4600, QFX5100 Series; 17.1 versions prior to 17.1R2-S10, 17.1R3 on ACX5000, EX4600, QFX5100 Series; 17.2 versions prior to 17.2R3 on ACX5000, EX4600, QFX5100 Series; 17.3 versions prior to 17.3R3 on ACX5000, EX4600, QFX5100 Series; 17.4 versions prior to 17.4R2 on ACX5000, EX4600, QFX5100 Series; 18.1 versions prior to 18.1R2 on ACX5000, EX4600, QFX5100 Series; 15.1X53 versions prior to 15.1X53-D496 on NFX Series, 17.2 versions prior to 17.2R3-S1 on NFX Series; 17.3 versions prior to 17.3R3-S4 on NFX Series; 17.4 versions prior to 17.4R2-S4, 17.4R3 on NFX Series, 18.1 versions prior to 18.1R3-S4 on NFX Series; 18.2 versions prior to 18.2R2-S3, 18.2R3 on NFX Series; 18.3 versions prior to 18.3R1-S3, 18.3R2 on NFX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on NFX Series.

Affected (128)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1x49 d100
Juniper Junos	Version 15.1x49 d10
Juniper Junos	Version 15.1x49 d20
Juniper Junos	Version 15.1x49 d30
Juniper Junos	Version 15.1x49 d35
Juniper Junos	Version 15.1x49 d40
Juniper Junos	Version 15.1x49 d45
Juniper Junos	Version 15.1x49 d50
Juniper Junos	Version 15.1x49 d55
Juniper Junos	Version 15.1x49 d60
Juniper Junos	Version 15.1x49 d65
Juniper Junos	Version 15.1x49 d70
Juniper Junos	Version 15.1x49 d75
Juniper Junos	Version 15.1x49 d80
Juniper Junos	Version 15.1x49 d90

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1x53 d210
Juniper Junos	Version 15.1x53 d230
Juniper Junos	Version 15.1x53 d231
Juniper Junos	Version 15.1x53 d232
Juniper Junos	Version 15.1x53 d233

Configuration C

11 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1x53 d30
Juniper Junos	Version 15.1x53 d33
Juniper Junos	Version 15.1x53 d34
Juniper Junos	Version 15.1x53 d60
Juniper Junos	Version 15.1x53 d61
Juniper Junos	Version 15.1x53 d62
Juniper Junos	Version 15.1x53 d63
Juniper Junos	Version 15.1x53 d64
Juniper Junos	Version 15.1x53 d65
Juniper Junos	Version 15.1x53 d66
Juniper Junos	Version 15.1x53 d67

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.2 r1
Juniper Junos	Version 17.2 r2

Configuration F

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.3 r1

Running on/with	Platform Versions
Juniper Qfx10008	All versions
Juniper Qfx10016	All versions
Juniper Qfx5200	All versions
Juniper Srx1500	All versions
Juniper Srx4000	All versions
Juniper Vsrx	All versions

Configuration G

11 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 14.1x53
Juniper Junos	Version 14.1x53 d10
Juniper Junos	Version 14.1x53 d15
Juniper Junos	Version 14.1x53 d16
Juniper Junos	Version 14.1x53 d25
Juniper Junos	Version 14.1x53 d26
Juniper Junos	Version 14.1x53 d27
Juniper Junos	Version 14.1x53 d30
Juniper Junos	Version 14.1x53 d35
Juniper Junos	Version 14.1x53 d40
Juniper Junos	Version 14.1x53 d45

Configuration H

21 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1 a1
Juniper Junos	Version 15.1 f1
Juniper Junos	Version 15.1 f2-s1
Juniper Junos	Version 15.1 f2-s2
Juniper Junos	Version 15.1 f2-s3
Juniper Junos	Version 15.1 f2-s4
Juniper Junos	Version 15.1 f2
Juniper Junos	Version 15.1 f3
Juniper Junos	Version 15.1 f4
Juniper Junos	Version 15.1 f5
Juniper Junos	Version 15.1 f6-s3
Juniper Junos	Version 15.1 f6
Juniper Junos	Version 15.1 f7
Juniper Junos	Version 15.1 r1
Juniper Junos	Version 15.1 r2
Juniper Junos	Version 15.1 r3
Juniper Junos	Version 15.1 r4-s9
Juniper Junos	Version 15.1 r4
Juniper Junos	Version 15.1 r5
Juniper Junos	Version 15.1 r6-s6
Juniper Junos	Version 15.1 r6

Configuration I

8 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 16.1
Juniper Junos	Version 16.1 r1
Juniper Junos	Version 16.1 r2
Juniper Junos	Version 16.1 r3-s10
Juniper Junos	Version 16.1 r3
Juniper Junos	Version 16.1 r4
Juniper Junos	Version 16.1 r5-s4
Juniper Junos	Version 16.1 r6-s1

Configuration J

9 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.1
Juniper Junos	Version 17.1 r1
Juniper Junos	Version 17.1 r2-s1
Juniper Junos	Version 17.1 r2-s2
Juniper Junos	Version 17.1 r2-s3
Juniper Junos	Version 17.1 r2-s4
Juniper Junos	Version 17.1 r2-s5
Juniper Junos	Version 17.1 r2-s6
Juniper Junos	Version 17.1 r2-s7

Configuration N

3 platform

Running on/with	Platform Versions
Juniper Acx5000	All versions
Juniper Ex4600	All versions
Juniper Qfx5110	All versions

Configuration O

3 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 15.1x53 d40
Juniper Junos	Version 15.1x53 d45
Juniper Junos	Version 15.1x53 d495

Configuration P

7 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.2
Juniper Junos	Version 17.2 r1-s2
Juniper Junos	Version 17.2 r1-s4
Juniper Junos	Version 17.2 r1-s7
Juniper Junos	Version 17.2 r1-s8
Juniper Junos	Version 17.2 r2-s6
Juniper Junos	Version 17.2 r2-s7

Configuration Q

7 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.3
Juniper Junos	Version 17.3 r2-s1
Juniper Junos	Version 17.3 r2-s2
Juniper Junos	Version 17.3 r2
Juniper Junos	Version 17.3 r3-s1
Juniper Junos	Version 17.3 r3-s2
Juniper Junos	Version 17.3 r3-s3

Configuration R

10 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 17.4
Juniper Junos	Version 17.4 r1-s1
Juniper Junos	Version 17.4 r1-s2
Juniper Junos	Version 17.4 r1-s4
Juniper Junos	Version 17.4 r1-s6
Juniper Junos	Version 17.4 r1-s7
Juniper Junos	Version 17.4 r1
Juniper Junos	Version 17.4 r2-s1
Juniper Junos	Version 17.4 r2-s3
Juniper Junos	Version 17.4 r2

Configuration S

8 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 18.1
Juniper Junos	Version 18.1 r2-s1
Juniper Junos	Version 18.1 r2-s2
Juniper Junos	Version 18.1 r2-s4
Juniper Junos	Version 18.1 r2
Juniper Junos	Version 18.1 r3-s2
Juniper Junos	Version 18.1 r3-s3
Juniper Junos	Version 18.1 r3

Configuration T

4 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 18.2
Juniper Junos	Version 18.2 r1-s5
Juniper Junos	Version 18.2 r2-s1
Juniper Junos	Version 18.2 r2-s2

Configuration U

4 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 18.3
Juniper Junos	Version 18.3 r1-s1
Juniper Junos	Version 18.3 r1-s2
Juniper Junos	Version 18.3 r1

Configuration V

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 18.4
Juniper Junos	Version 18.4 r1

Running on/with	Platform Versions
Juniper Nfx150	All versions
Juniper Nfx250	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://kb.juniper.net/JSA10969

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA10969

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.