Cleartext storage of sensitive information in Juniper Junos OS - CVE-2019-0069

 


Published: October 11, 2019


Vulnerability identifier: #VU21725
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-0069
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a local user to view the password on the target system.

The vulnerability exists because the affected software stores credentials used during device authentication unencrypted in its log file. A local authenticated user can obtain the credentials.

Note: This vulnerability affects only the following versions of Junos OS:

  • 15.1X49 versions prior to 15.1X49-D110 on vSRX, SRX1500, SRX4000 Series
  • 15.1X53 versions prior to 15.1X53-D234 on QFX5110, QFX5200 Series
  • 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series
  • 17.1 versions prior to 17.1R2-S8, 17.1R3, on QFX5110, QFX5200, QFX10K Series
  • 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3 on QFX5110, QFX5200, QFX10K Series
  • 17.3 versions prior to 17.3R2 on vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series
  • 14.1X53 versions prior to 14.1X53-D47 on ACX5000, EX4600, QFX5100 Series
  • 15.1 versions prior to 15.1R7 on ACX5000, EX4600, QFX5100 Series
  • 16.1R7 versions prior to 16.1R7 on ACX5000, EX4600, QFX5100 Series
  • 17.1 versions prior to 17.1R2-S10, 17.1R3 on ACX5000, EX4600, QFX5100 Series
  • 17.2 versions prior to 17.2R3 on ACX5000, EX4600, QFX5100 Series
  • 17.3 versions prior to 17.3R3 on ACX5000, EX4600, QFX5100 Series
  • 17.4 versions prior to 17.4R2 on ACX5000, EX4600, QFX5100 Series
  • 18.1 versions prior to 18.1R2 on ACX5000, EX4600, QFX5100 Series
  • 15.1X53 versions prior to 15.1X53-D496 on NFX Series
  • 17.2 versions prior to 17.2R3-S1 on NFX Series
  • 17.3 versions prior to 17.3R3-S4 on NFX Series
  • 17.4 versions prior to 17.4R2-S4, 17.4R3 on NFX Series
  • 18.1 versions prior to 18.1R3-S4 on NFX Series
  • 18.2 versions prior to 18.2R2-S3, 18.2R3 on NFX Series
  • 18.3 versions prior to 18.3R1-S3, 18.3R2 on NFX Series
  • 18.4 versions prior to 18.4R1-S1, 18.4R2 on NFX Series

How to mitigate CVE-2019-0069

Install updates from the vendor's website.

Sources