CVE-2019-0042Authentication Bypass by Primary Weakness in Networks Juniper Identity Management Service

CWE-305Authentication Bypass by Primary WeaknessCWE-404Improper Resource Shutdown or ReleaseCWE-669Incorrect Resource Transfer Between Spheres3 documents3 sources
Severity
4.2MEDIUMNVD
EPSS
0.0%
top 85.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Juniper Networks Juniper Identity Management ServiceJuniper Identity Management ServiceJuniper SRX Series
Timeline
PublishedApr 10
Latest updateMay 13

Description

Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.5 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

1
GHSA
GHSA-73q7-g3wf-g922: Juniper Identity Management Service (JIMS) for Windows versions prior to 12022-05-13

📋Vendor Advisories

1
Juniper
CVE-2019-0042: Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This2019-04-10