Vulnerabilities > CVE-2019-0057 - Unspecified vulnerability in Juniper Junos

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
juniper
nessus

Summary

An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5.

Vulnerable Configurations

Part Description Count
OS
Juniper
717
Hardware
Juniper
2

Nessus

  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_JSA10970.NASL
    descriptionThe version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10970 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id133303
    published2020-01-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133303
    titleJuniper JSA10970
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(133303);
      script_version("1.1");
      script_cvs_date("Date: 2020/01/29");
    
      script_cve_id(
        "CVE-2019-0047",
        "CVE-2019-0050",
        "CVE-2019-0054",
        "CVE-2019-0055",
        "CVE-2019-0057",
        "CVE-2019-0058",
        "CVE-2019-0059",
        "CVE-2019-0060",
        "CVE-2019-0062",
        "CVE-2019-0063",
        "CVE-2019-0064",
        "CVE-2019-0066",
        "CVE-2019-0067",
        "CVE-2019-0068",
        "CVE-2019-0073",
        "CVE-2019-0075"
      );
      script_xref(name:"IAVA", value:"2019-A-0388");
    
      script_name(english:"Juniper JSA10970");
      script_summary(english:"Checks the Junos version and build date.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "The version of tested product installed on the remote host is prior to
    tested version. It is, therefore, affected by a vulnerability as
    referenced in the JSA10970 advisory. Note that Nessus has not tested
    for this issue but has instead relied only on the application's self-
    reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16613");
      script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16765");
      script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16446");
      script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA10970");
      script_set_attribute(attribute:"solution", value:
    "Apply the relevant Junos software release referenced in Juniper
    advisory JSA10970");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0047");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/29");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Junos Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("junos_version.nasl");
      script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");
    
      exit(0);
    }
    
    include('audit.inc');
    include('junos.inc');
    include('misc_func.inc');
    
    ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
    model = get_kb_item_or_exit('Host/Juniper/model');
    fixes = make_array();
    
    fixes['12.1X46'] = '12.1X46-D86';
    fixes['12.3'] = '12.3R12-S13';
    fixes['12.3X48'] = '12.3X48-D80';
    fixes['14.1X53'] = '14.1X53-D51';
    
    if (ver =~ "^15\.1F")
    fixes['15.1F'] = '15.1F6-S13';
    else
      fixes['15.1'] = '15.1R7-S4';
    
    fixes['15.1X49'] = '15.1X49-D171';
    fixes['15.1X53'] = '15.1X53-D69';
    fixes['16.1'] = '16.1R7-S5';
    fixes['16.2'] = '16.2R2-S9';
    fixes['17.1'] = '17.1R3';
    
    if (ver =~ "^17\.2R1")
      fixes['17.2'] = '17.2R1-S8';
    else if (ver =~ "^17\.2R2")
      fixes['17.2'] = '17.2R2-S7';
    else if (ver =~ "^17\.2R3")
      fixes['17.2'] = '17.2R3-S1';
    
    fixes['17.3'] = '17.3R3-S6';
    
    if (ver =~ "^17\.4R1")
      fixes['17.4'] = '17.4R1-S7';
    else if (ver =~ "^17\.4R2")
      fixes['17.4'] = '17.4R2-S4';
    else
      fixes['17.4'] = '17.4R3';
    
    fixes['18.1'] = '18.1R3-S5';
    
    if (ver =~ "^18\.2R1")
      fixes['18.2'] = '18.2R1-S5';
    else if (ver =~ "^18\.2R2")
      fixes['18.2'] = '18.2R2-S3';
    else
      fixes['18.2'] = '18.2R3';
    
    if (ver =~ "^18\.3R1")
      fixes['18.3'] = '18.3R1-S3';
    else if (ver =~ "^18\.3R2")
      fixes['18.3'] = '18.3R2';
    else if (ver =~ "^18\.3R3")
      fixes['18.3'] = '18.3R3';
    
    if (ver =~ "^18\.4R1")
      fixes['18.4'] = '18.4R1-S2';
    else
      fixes['18.4'] = '18.4R2';
    
    fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
    report = get_report(ver:ver, fix:fix);
    security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);
    
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_JSA10955.NASL
    descriptionAn authentication bypass vulnerability exists in Junos Device Manager. An authenticated, local attacker can exploit this to bypass regular security controls and take control of the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id130264
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130264
    titleNFX Series: Authentication Bypass Vulnerability Juniper Device Manager (JDM) (JSA10955)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
     
    if (description)
    {
      script_id(130264);
      script_version("1.1");
      script_cvs_date("Date: 2019/10/25 11:54:57");
    
      script_cve_id("CVE-2019-0057");
    
      script_xref(name:"JSA", value:"JSA10955");
    
      script_name(english:"NFX Series: Authentication Bypass Vulnerability Juniper Device Manager (JDM) (JSA10955)");
      script_summary(english:"Checks the Junos version and build date.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "An authentication bypass vulnerability exists in Junos Device 
    Manager. An authenticated, local attacker can exploit this to 
    bypass regular security controls and take control of the system.
    ");
      script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10955");
      script_set_attribute(attribute:"solution", value:
    "Apply the relevant Junos software release referenced in Juniper
    advisory JSA10955.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0057");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/25");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Junos Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("junos_version.nasl");
      script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");
    
      exit(0);
    }
    
    include('audit.inc');
    include('junos.inc');
    include('misc_func.inc');
    
    ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
    model = get_kb_item_or_exit('Host/Juniper/model');
    
    if ( 'NFX' >!< model)
      audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver);
    
    fixes = make_array();
    fixes['18.2'] = '18.2R1';
    fixes['18.2X75'] = '18.2X75-D5';
    
    fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
    report = get_report(ver:ver, fix:fix);
    security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);