If the REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, where administrators do not enforce a strong password policy, brute force attacks are more likely to succeed. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107899 | Broken Link Third Party Advisory VDB Entry |
https://kb.juniper.net/JSA10928 | Mitigation Vendor Advisory |
History
21 Nov 2024, 04:16
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/107899 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://kb.juniper.net/JSA10928 - Mitigation, Vendor Advisory |
09 Feb 2024, 03:16
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/107899 - Broken Link, Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:o:juniper:junos:15.1x53-d495:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.1:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.2r3-s1:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:15.1x53-d591:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:15.1r7-s3:*:*:*:*:*:*:* |
Information
Published : 2019-04-10 20:29
Updated : 2024-11-21 04:16
NVD link : CVE-2019-0039
Mitre link : CVE-2019-0039
CVE.ORG link : CVE-2019-0039
Products Affected
juniper
- junos
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts