Published: 10/04/2019 Updated: 09/02/2024

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an malicious user to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions before 14.1X53-D49; 15.1 versions before 15.1F6-S12, 15.1R7-S3; 15.1X49 versions before 15.1X49-D160; 15.1X53 versions before 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions before 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions before 16.1X65-D49; 16.2 versions before 16.2R2-S7; 17.1 versions before 17.1R2-S10, 17.1R3; 17.2 versions before 17.2R1-S8, 17.2R3-S1; 17.3 versions before 17.3R3-S2; 17.4 versions before 17.4R1-S6, 17.4R2-S2; 18.1 versions before 18.1R2-S4, 18.1R3-S1; 18.2 versions before 18.2R1-S5; 18.2X75 versions before 18.2X75-D30; 18.3 versions before 18.3R1-S1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
juniper junos

CWE-307 https://kb.juniper.net/JSA10928 http://www.securityfocus.com/bid/107899 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-0039

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect