Sign-up

ID

VAR-201910-1659


CVE

CVE-2019-0072


TITLE

Juniper Networks SBR Carrier Vulnerable to information leak from cache

Trust: 0.8

sources: JVNDB: JVNDB-2019-011160

DESCRIPTION

An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R13; 8.5.0 versions prior to 8.5.0R4. Juniper Networks SBR Carrier is a set of AAA (Authentication, Authorization and Accounting) servers suitable for operators from Juniper Networks. The product mainly provides functions such as network resource management, user access control, and billing

Trust: 2.25

sources: NVD: CVE-2019-0072 // JVNDB: JVNDB-2019-011160 // CNVD: CNVD-2021-28795 // VULHUB: VHN-140103

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28795

AFFECTED PRODUCTS

vendor:junipermodel:sbr carrierscope:eqversion:8.4.1

Trust: 1.6

vendor:junipermodel:sbr carrierscope:eqversion:8.5.0

Trust: 1.6

vendor:junipermodel:sbr carrierscope:ltversion:8.4.1 thats all 8.4.1r13

Trust: 0.8

vendor:junipermodel:sbr carrierscope:ltversion:8.5.0 thats all 8.5.0r4

Trust: 0.8

vendor:junipermodel:networks juniper networks sbr carrier 8.4.1,<8.4.1r13scope: - version: -

Trust: 0.6

vendor:junipermodel:networks juniper networks sbr carrier 8.5.0,<8.5.0r4scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-28795 // JVNDB: JVNDB-2019-011160 // CNNVD: CNNVD-201910-592 // NVD: CVE-2019-0072

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0072
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2019-0072
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0072
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-28795
value: LOW

Trust: 0.6

CNNVD: CNNVD-201910-592
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140103
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0072
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-28795
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-140103
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0072
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2019-0072
baseSeverity: MEDIUM
baseScore: 5.6
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.1
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2019-0072
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-28795 // VULHUB: VHN-140103 // JVNDB: JVNDB-2019-011160 // CNNVD: CNNVD-201910-592 // NVD: CVE-2019-0072 // NVD: CVE-2019-0072

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.9

problemtype:CWE-256

Trust: 1.0

sources: VULHUB: VHN-140103 // JVNDB: JVNDB-2019-011160 // NVD: CVE-2019-0072

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-592

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-592

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011160

PATCH
title: JSA10971url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10971&actp=METADATA
Trust: 0.8
title:Patch for Juniper Networks SBR Carrier has unspecified vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/258946
Trust: 0.6
title:Juniper Networks SBR Carrier Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99236
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-28795 // 
            
            
            
            JVNDB: JVNDB-2019-011160 // 
            
            
            
            CNNVD: CNNVD-201910-592

EXTERNAL IDS
db:NVDid:CVE-2019-0072
Trust: 3.1
db:JUNIPERid:JSA10971
Trust: 2.3
db:JVNDBid:JVNDB-2019-011160
Trust: 0.8
db:CNNVDid:CNNVD-201910-592
Trust: 0.7
db:CNVDid:CNVD-2021-28795
Trust: 0.6
db:VULHUBid:VHN-140103
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2021-28795 // 
            
            
            
            VULHUB: VHN-140103 // 
            
            
            
            JVNDB: JVNDB-2019-011160 // 
            
            
            
            CNNVD: CNNVD-201910-592 // 
            
            
            
            NVD: CVE-2019-0072

REFERENCES
url:https://kb.juniper.net/jsa10971
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-0072
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0072
Trust: 0.8
url:https://vigilance.fr/vulnerability/juniper-sbr-carrier-information-disclosure-via-certificate-generation-30570
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-28795 // 
            
            
            
            VULHUB: VHN-140103 // 
            
            
            
            JVNDB: JVNDB-2019-011160 // 
            
            
            
            CNNVD: CNNVD-201910-592 // 
            
            
            
            NVD: CVE-2019-0072

SOURCES
db:CNVDid:CNVD-2021-28795
db:VULHUBid:VHN-140103
db:JVNDBid:JVNDB-2019-011160
db:CNNVDid:CNNVD-201910-592
db:NVDid:CVE-2019-0072

LAST UPDATE DATE
2024-11-23T22:41:18.517000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-28795date:2021-04-16T00:00:00
db:VULHUBid:VHN-140103date:2019-10-21T00:00:00
db:JVNDBid:JVNDB-2019-011160date:2019-10-29T00:00:00
db:CNNVDid:CNNVD-201910-592date:2019-11-06T00:00:00
db:NVDid:CVE-2019-0072date:2024-11-21T04:16:11.597

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-28795date:2021-04-16T00:00:00
db:VULHUBid:VHN-140103date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-011160date:2019-10-29T00:00:00
db:CNNVDid:CNNVD-201910-592date:2019-10-09T00:00:00
db:NVDid:CVE-2019-0072date:2019-10-09T20:15:18.190