Sign-up

ID

VAR-201904-1566


CVE

CVE-2019-0042


TITLE

Juniper Identity Management Service Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003346

DESCRIPTION

Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network. The product is managed by collecting user and device information and establishing a mapping relationship. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.71

sources: NVD: CVE-2019-0042 // JVNDB: JVNDB-2019-003346 // VULHUB: VHN-140073

AFFECTED PRODUCTS

vendor:junipermodel:identity management servicescope:ltversion:1.1.4

Trust: 1.0

vendor:junipermodel:identity management servicescope:ltversion:1.1.4 (windows)

Trust: 0.8

sources: JVNDB: JVNDB-2019-003346 // NVD: CVE-2019-0042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0042
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2019-0042
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0042
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-547
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140073
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0042
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140073
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0042
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 3.6
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0042
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 4.7
version: 3.0

Trust: 1.0

NVD: CVE-2019-0042
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-140073 // JVNDB: JVNDB-2019-003346 // CNNVD: CNNVD-201904-547 // NVD: CVE-2019-0042 // NVD: CVE-2019-0042

PROBLEMTYPE DATA

problemtype:CWE-669

Trust: 1.0

problemtype:CWE-305

Trust: 1.0

problemtype:CWE-404

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-140073 // JVNDB: JVNDB-2019-003346 // NVD: CVE-2019-0042

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-547

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003346

PATCH
title:JSA10934url:https://kb.juniper.net/JSA10934
Trust: 0.8
title:Juniper Networks Identity Management Service Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91362
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003346 // 
            
            
            
            CNNVD: CNNVD-201904-547

EXTERNAL IDS
db:NVDid:CVE-2019-0042
Trust: 2.5
db:JUNIPERid:JSA10934
Trust: 1.7
db:JVNDBid:JVNDB-2019-003346
Trust: 0.8
db:CNNVDid:CNNVD-201904-547
Trust: 0.7
db:VULHUBid:VHN-140073
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140073 // 
            
            
            
            JVNDB: JVNDB-2019-003346 // 
            
            
            
            CNNVD: CNNVD-201904-547 // 
            
            
            
            NVD: CVE-2019-0042

REFERENCES
url:https://kb.juniper.net/jsa10934
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-0042
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0042
Trust: 0.8
sources:
            
            
            VULHUB: VHN-140073 // 
            
            
            
            JVNDB: JVNDB-2019-003346 // 
            
            
            
            CNNVD: CNNVD-201904-547 // 
            
            
            
            NVD: CVE-2019-0042

SOURCES
db:VULHUBid:VHN-140073
db:JVNDBid:JVNDB-2019-003346
db:CNNVDid:CNNVD-201904-547
db:NVDid:CVE-2019-0042

LAST UPDATE DATE
2024-11-23T22:55:37.071000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140073date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-003346date:2019-05-15T00:00:00
db:CNNVDid:CNNVD-201904-547date:2021-10-29T00:00:00
db:NVDid:CVE-2019-0042date:2024-11-21T04:16:06.893

SOURCES RELEASE DATE
db:VULHUBid:VHN-140073date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-003346date:2019-05-15T00:00:00
db:CNNVDid:CNNVD-201904-547date:2019-04-10T00:00:00
db:NVDid:CVE-2019-0042date:2019-04-10T20:29:00.977