CVE-2019-0069Cleartext Transmission of Sensitive Info in Networks Junos OS

CWE-319Cleartext Transmission of Sensitive InfoCWE-787Out-of-bounds WriteCWE-20Improper Input ValidationCWE-416Use After Free6 documents4 sources
Severity
5.5MEDIUMNVD
CISA7.8
EPSS
0.0%
top 94.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Juniper Networks Junos OSJuniper JunosJuniper EX Series+4 more
Timeline
PublishedOct 9
Latest updateMay 24

Description

On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. This issue does not affect users that are logging-in using telnet, SSH or J-web to the management IP. This issue affects ACX, NFX, SRX, EX and QFX pl

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

CVEListV5juniper_networks/junos_os15.1X4915.1X49-D110+21
NVDjuniper/junos13 versions+12

🔴Vulnerability Details

1
GHSA
GHSA-9hw7-cqrw-9j9p: On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, S2022-05-24

📋Vendor Advisories

4
CISA
Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability2021-11-03
CISA
Android Kernel Out-of-Bounds Write Vulnerability2021-11-03
CISA
Android Kernel Use-After-Free Vulnerability2021-11-03
Juniper
CVE-2019-0069: On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, S2019-10-09
CVE-2019-0069 — Juniper Networks Junos OS vulnerability | cvebase