CVE-2019-0061Violation of Secure Design Principles in Networks Junos OS

CWE-657Violation of Secure Design Principles3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 88.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Juniper Networks Junos OSJuniper JunosJuniper Junos OS
Timeline
PublishedOct 9
Latest updateMay 24

Description

The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulne

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5juniper_networks/junos_os15.1X4915.1X49-D171, 15.1X49-D180+11
NVDjuniper/junos11 versions+10

🔴Vulnerability Details

1
GHSA
GHSA-6744-3fcf-cc9q: The management daemon (MGD) is responsible for all configuration and management operations in Junos OS2022-05-24

📋Vendor Advisories

1
Juniper
CVE-2019-0061: The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an in2019-10-09
CVE-2019-0061 — Violation of Secure Design Principles | cvebase