CVE-2019-0020

CWE-798 — Hard-coded Credentials5 documents5 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 38.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Juniper ATP Juniper Advanced Threat Prevention

Timeline

PublishedJan 15

Latest updateMay 13

Description

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5juniper_networks/juniper_atp5.0 — 5.0.3

▶NVDjuniper/advanced_threat_prevention5.0.0 — 5.0.3

🔴Vulnerability Details

GHSA

GHSA-426w-g76x-326w: Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installati↗2022-05-13

▶

CVEList

Juniper ATP: Hard coded credentials used in Web Collector↗2019-01-15

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Denial-of-Service and Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)↗2019-11-12

▶

Juniper

CVE-2019-0020: Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installati↗2019-01-15

▶