Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-0062— Junos OS: Session fixation vulnerability in J-Web

CVSS 7.5 · High EPSS 0.36% · P58
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-0062

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Junos OS: Session fixation vulnerability in J-Web
Source: NVD (National Vulnerability Database)
Vulnerability Description
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
会话固定
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS中存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。以下产品及版本受到影响:Juniper Networks Junos OS 12.3版本,12.3X48版本,14.1X53版本,15.1版本,15.1X49版本,15.1X53
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos OS 12.3 ~ 12.3R12-S15 -
Juniper NetworksJunos OS 12.3X48 ~ 12.3X48-D85 -
Juniper NetworksJunos OS 14.1X53 ~ 14.1X53-D51 -

II. Public POCs for CVE-2019-0062

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-0062

登录查看更多情报信息。

Same Patch Batch · Juniper Networks · 2019-10-09 · 25 CVEs total

CVE-2019-00478.8 HIGHJunos OS: Persistent XSS vulnerability in J-Web
CVE-2019-00708.8 HIGHJunos OS: NFX Series: An Improper Input Validation weakness allows a malicious local attac
CVE-2019-00587.8 HIGHJunos OS: SRX Series: A weakness in the Veriexec subsystem may allow privilege escalation.
CVE-2019-00617.8 HIGHJunos OS: Insecure management daemon (MGD) configuration may allow local privilege escalat
CVE-2019-00577.8 HIGHNFX Series: An attacker may be able to take control of the JDM application and subsequentl
CVE-2019-00717.8 HIGHJunos OS: EX2300, EX3400 Series: Veriexec signature checking not enforced in specific vers
CVE-2019-00607.5 HIGHJunos OS: SRX Series: flowd process crash due to processing of specific transit IP packets
CVE-2019-00567.5 HIGHJunos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to
CVE-2019-00557.5 HIGHJunos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP tr
CVE-2019-00507.5 HIGHJunos OS: SRX1500: Denial of service due to crash of srxpfe process under heavy traffic co
CVE-2019-00757.5 HIGHJunos OS: SRX Series: Denial of Service vulnerability in srxpfe related to PIM
CVE-2019-00667.5 HIGHJunos OS: A malformed IPv4 packet received by Junos in an NG-mVPN scenario may cause the r
CVE-2019-00647.5 HIGHJunos OS: SRX5000 Series: flowd process crash due to receipt of specific TCP packet
CVE-2019-00597.5 HIGHJunos OS: The routing protocol process (rpd) may crash and generate core files upon receip
CVE-2019-00546.8 MEDIUMJunos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks
CVE-2019-00736.6 MEDIUMJunos OS: PKI key pairs are exported with insecure file permissions
CVE-2019-00686.5 MEDIUMJunos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets
CVE-2019-00676.5 MEDIUMJunos OS: Kernel crash (vmcore) upon receipt of a specific link-local IPv6 packet on devic
CVE-2019-00516.5 MEDIUMSRX5000 Series: Denial of Service vulnerability in SSL-Proxy feature.
CVE-2019-00636.5 MEDIUMJunos OS: MX Series: jdhcpd crash when receiving a specific crafted DHCP response message

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Junos OS
Same vendor: Juniper Networks
Same weakness: CWE-384

V. Comments for CVE-2019-0062

No comments yet

Leave a comment