CVE-2019-0074 — Path Traversal in Networks Junos OS

CWE-22 — Path Traversal CWE-23 — Relative Path Traversal3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 87.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +2 more

Timeline

PublishedOct 9

Latest updateMay 24

Description

A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series w…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶juniperjuniper/mx_series

▶juniperjuniper/qfx_series

▶CVEListV5juniper_networks/junos_os15.1F — 15.1F6-S12+10

▶NVDjuniper/junos11 versions+10

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-qxxh-xwx4-34gm: A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine↗2022-05-24

▶

📋Vendor Advisories

Juniper

CVE-2019-0074: A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine↗2019-10-09

▶