CVE-2019-0020 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2019-0020

Modified

More Info Official Page

Source-sirt@juniper.net

Published At-15 Jan, 2019 | 21:29

Updated At-09 Oct, 2019 | 23:43

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.0	10.0	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.0

Base score: 10.0

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Juniper Networks, Inc.

>>advanced_threat_prevention>>Versions from 5.0.0(inclusive) to 5.0.3(exclusive)

cpe:2.3:o:juniper:advanced_threat_prevention:*:*:*:*:*:*:*:*

Juniper Networks, Inc.

cpe:2.3:h:juniper:atp400:-:*:*:*:*:*:*:*

Juniper Networks, Inc.

cpe:2.3:h:juniper:atp700:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-798	Primary	nvd@nist.gov
CWE-798	Secondary	sirt@juniper.net

CWE ID: CWE-798

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-798

Type: Secondary

Source: sirt@juniper.net

References

Hyperlink	Source	Resource
https://kb.juniper.net/JSA10918	sirt@juniper.net	Vendor Advisory

Hyperlink: https://kb.juniper.net/JSA10918

Source: sirt@juniper.net

Resource:

Vendor Advisory