Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-0074— Junos OS: NFX150 Series, QFX10K Series, EX9200 Series, MX Series, PTX Series: Path traversal vulnerability in NFX150 and NG-RE leads to information disclosure.

CVSS 5.5 · Medium EPSS 0.04% · P12
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-0074

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Junos OS: NFX150 Series, QFX10K Series, EX9200 Series, MX Series, PTX Series: Path traversal vulnerability in NFX150 and NG-RE leads to information disclosure.
Source: NVD (National Vulnerability Database)
Vulnerability Description
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series with NG-RE and vmhost: 15.1F versions prior to 15.1F6-S12 16.1 versions starting from 16.1R6 and later releases, including the Service Releases, prior to 16.1R6-S6, 16.1R7-S3; 17.1 versions prior to 17.1R3; 17.2 versions starting from 17.2R1-S3, 17.2R3 and later releases, including the Service Releases, prior to 17.2R3-S1; 17.3 versions starting from 17.3R1-S1, 17.3R2 and later releases, including the Service Releases, prior to 17.3R3-S3; 17.4 versions starting from 17.4R1 and later releases, including the Service Releases, prior to 17.4R1-S6, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2; 18.4 versions prior to 18.4R1-S1, 18.4R2. This issue does not affect: Juniper Networks Junos OS 15.1 and 16.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Juniper Networks产品Junos OS 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
多款Juniper Networks产品中的Junos OS存在路径遍历漏洞。该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。以下产品及版本受到影响:Juniper Networks NFX150;EX9200(NG-RE);MX(NG-RE);PTX(NG-RE);QFX10K(NG-RE);Juniper Networks Junos OS 15.1F版本,16.1版本,17.1版本,17.2版本,17.3版本,17.4版本,18.1版本,1
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos OS 15.1 -

II. Public POCs for CVE-2019-0074

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-0074

登录查看更多情报信息。

Same Patch Batch · Juniper Networks · 2019-10-09 · 25 CVEs total

CVE-2019-00478.8 HIGHJunos OS: Persistent XSS vulnerability in J-Web
CVE-2019-00708.8 HIGHJunos OS: NFX Series: An Improper Input Validation weakness allows a malicious local attac
CVE-2019-00717.8 HIGHJunos OS: EX2300, EX3400 Series: Veriexec signature checking not enforced in specific vers
CVE-2019-00587.8 HIGHJunos OS: SRX Series: A weakness in the Veriexec subsystem may allow privilege escalation.
CVE-2019-00577.8 HIGHNFX Series: An attacker may be able to take control of the JDM application and subsequentl
CVE-2019-00617.8 HIGHJunos OS: Insecure management daemon (MGD) configuration may allow local privilege escalat
CVE-2019-00607.5 HIGHJunos OS: SRX Series: flowd process crash due to processing of specific transit IP packets
CVE-2019-00667.5 HIGHJunos OS: A malformed IPv4 packet received by Junos in an NG-mVPN scenario may cause the r
CVE-2019-00567.5 HIGHJunos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to
CVE-2019-00557.5 HIGHJunos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP tr
CVE-2019-00597.5 HIGHJunos OS: The routing protocol process (rpd) may crash and generate core files upon receip
CVE-2019-00507.5 HIGHJunos OS: SRX1500: Denial of service due to crash of srxpfe process under heavy traffic co
CVE-2019-00647.5 HIGHJunos OS: SRX5000 Series: flowd process crash due to receipt of specific TCP packet
CVE-2019-00757.5 HIGHJunos OS: SRX Series: Denial of Service vulnerability in srxpfe related to PIM
CVE-2019-00627.5 HIGHJunos OS: Session fixation vulnerability in J-Web
CVE-2019-00546.8 MEDIUMJunos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks
CVE-2019-00736.6 MEDIUMJunos OS: PKI key pairs are exported with insecure file permissions
CVE-2019-00516.5 MEDIUMSRX5000 Series: Denial of Service vulnerability in SSL-Proxy feature.
CVE-2019-00636.5 MEDIUMJunos OS: MX Series: jdhcpd crash when receiving a specific crafted DHCP response message
CVE-2019-00686.5 MEDIUMJunos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Junos OS
Same vendor: Juniper Networks

V. Comments for CVE-2019-0074

No comments yet

Leave a comment