5.0.2

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

juniper

CWE-916

NVD

Published: 2019-01-15

Updated: 2023-11-07

Summary

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Advanced Threat Prevention Firmware 5.0.0 Juniper Advanced Threat Prevention Firmware 5.0.1 Juniper Advanced Threat Prevention Firmware 5.0.2	3
Hardware	Juniper Juniper Atp400 - Juniper Atp700 -	2

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://kb.juniper.net/JSA10918