ID

VAR-201904-1494


CVE

CVE-2019-0032


TITLE

Juniper Networks Service Insight and Service Now Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-003360

DESCRIPTION

A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to log in to the Organization. Affected products are Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1, and Service Now versions from 15.1R1, prior to 18.1R1.

Multiple Juniper products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.

Junos Space Service Now is a remote network troubleshooting client program. Junos Space Service Insight is an application that provides proactive maintenance capabilities and error notifications for network hardware and software configurations.

This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords, hard-coded passwords, hard-coded certificates, etc. to attack affected components.

Trust: 2.07

sources: NVD: CVE-2019-0032 // JVNDB: JVNDB-2019-003360 // BID: 107885 // VULHUB: VHN-140063 // VULMON: CVE-2019-0032

AFFECTED PRODUCTS

vendor: juniper, model: service insight, scope: gte, version: 15.1r1

Trust: 1.0

vendor: juniper, model: service insight, scope: lt, version: 18.1r1

Trust: 1.0

vendor: juniper, model: service now, scope: lt, version: 18.1r1

Trust: 1.0

vendor: juniper, model: service now, scope: gte, version: 15.1r1

Trust: 1.0

vendor: juniper, model: service insight, scope: lt, version: 15.1r1

Trust: 0.8

vendor: juniper, model: service now, scope: eq, version: 18.1r1

Trust: 0.8

vendor: juniper, model: service now, scope: lt, version: 15.1r1

Trust: 0.8

vendor: juniper, model: service insight, scope: eq, version: 18.1r1

Trust: 0.8

vendor: juniper, model: junos space service now 17.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos space service now 16.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos space service now 15.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos space service insight 17.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos space service insight 16.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos space service insight 15.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos space service now 18.1r1, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos space service insight 18.1r1, scope: ne, version: -

Trust: 0.3

sources: BID: 107885 // JVNDB: JVNDB-2019-003360 // NVD: CVE-2019-0032

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-0032
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2019-0032
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0032
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-562
value: HIGH

Trust: 0.6

VULHUB: VHN-140063
value: LOW

Trust: 0.1

VULMON: CVE-2019-0032
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-0032
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-140063
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-0032
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0032
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-0032
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140063 // VULMON: CVE-2019-0032 // JVNDB: JVNDB-2019-003360 // CNNVD: CNNVD-201904-562 // NVD: CVE-2019-0032 // NVD: CVE-2019-0032

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-532

Trust: 1.1

problemtype:CWE-256

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-140063 // JVNDB: JVNDB-2019-003360 // NVD: CVE-2019-0032

THREAT TYPE

local

Trust: 0.9

sources: BID: 107885 // CNNVD: CNNVD-201904-562

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201904-562

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003360

PATCH

title: KB27572, url: https://kb.juniper.net/KB27572

Trust: 0.8

title: JSA10921, url: https://kb.juniper.net/JSA10921

Trust: 0.8

title: Juniper Networks Junos Space Service Now and Junos Space Service Insight Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91377

Trust: 0.6

sources: JVNDB: JVNDB-2019-003360 // CNNVD: CNNVD-201904-562

EXTERNAL IDS

db: NVD, id: CVE-2019-0032

Trust: 2.9

db: BID, id: 107885

Trust: 2.1

db: JUNIPER, id: JSA10921

Trust: 2.1

db: JVNDB, id: JVNDB-2019-003360

Trust: 0.8

db: CNNVD, id: CNNVD-201904-562

Trust: 0.7

db: AUSCERT, id: ESB-2019.1268

Trust: 0.6

db: VULHUB, id: VHN-140063

Trust: 0.1

db: VULMON, id: CVE-2019-0032

Trust: 0.1

sources: VULHUB: VHN-140063 // VULMON: CVE-2019-0032 // BID: 107885 // JVNDB: JVNDB-2019-003360 // CNNVD: CNNVD-201904-562 // NVD: CVE-2019-0032

REFERENCES

url:http://www.securityfocus.com/bid/107885

Trust: 2.5

url:https://kb.juniper.net/jsa10921

Trust: 1.8

url:https://kb.juniper.net/kb27572

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-0032

Trust: 1.4

url:http://www.juniper.net

Trust: 0.9

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10921&actp=rss

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0032

Trust: 0.8

url:http://kb.juniper.net/infocenter/index

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-space-information-disclosure-via-plaintext-password-29010

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78986

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/532.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-140063 // VULMON: CVE-2019-0032 // BID: 107885 // JVNDB: JVNDB-2019-003360 // CNNVD: CNNVD-201904-562 // NVD: CVE-2019-0032

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 107885

SOURCES

db: VULHUB, id: VHN-140063
db: VULMON, id: CVE-2019-0032
db: BID, id: 107885
db: JVNDB, id: JVNDB-2019-003360
db: CNNVD, id: CNNVD-201904-562
db: NVD, id: CVE-2019-0032

LAST UPDATE DATE

2024-11-23T22:30:02.613000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-140063, date: 2020-09-29T00:00:00
db: VULMON, id: CVE-2019-0032, date: 2020-09-29T00:00:00
db: BID, id: 107885, date: 2019-04-10T00:00:00
db: JVNDB, id: JVNDB-2019-003360, date: 2019-05-15T00:00:00
db: CNNVD, id: CNNVD-201904-562, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-0032, date: 2024-11-21T04:16:05.457

SOURCES RELEASE DATE

db: VULHUB, id: VHN-140063, date: 2019-04-10T00:00:00
db: VULMON, id: CVE-2019-0032, date: 2019-04-10T00:00:00
db: BID, id: 107885, date: 2019-04-10T00:00:00
db: JVNDB, id: JVNDB-2019-003360, date: 2019-05-15T00:00:00
db: CNNVD, id: CNNVD-201904-562, date: 2019-04-10T00:00:00
db: NVD, id: CVE-2019-0032, date: 2019-04-10T20:29:00.537