7.8

CVE-2019-0061

The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.

Data is provided by the National Vulnerability Database (NVD)
JuniperJunos Version15.1x49 Update-
JuniperJunos Version15.1x49 Updated10
JuniperJunos Version15.1x49 Updated100
JuniperJunos Version15.1x49 Updated110
JuniperJunos Version15.1x49 Updated120
JuniperJunos Version15.1x49 Updated130
JuniperJunos Version15.1x49 Updated140
JuniperJunos Version15.1x49 Updated150
JuniperJunos Version15.1x49 Updated160
JuniperJunos Version15.1x49 Updated20
JuniperJunos Version15.1x49 Updated30
JuniperJunos Version15.1x49 Updated35
JuniperJunos Version15.1x49 Updated40
JuniperJunos Version15.1x49 Updated45
JuniperJunos Version15.1x49 Updated50
JuniperJunos Version15.1x49 Updated55
JuniperJunos Version15.1x49 Updated60
JuniperJunos Version15.1x49 Updated65
JuniperJunos Version15.1x49 Updated70
JuniperJunos Version15.1x49 Updated75
JuniperJunos Version15.1x49 Updated80
JuniperJunos Version15.1x49 Updated90
JuniperJunos Version15.1x53 Update-
JuniperJunos Version15.1x53 Updated20
JuniperJunos Version15.1x53 Updated21
JuniperJunos Version15.1x53 Updated210
JuniperJunos Version15.1x53 Updated25
JuniperJunos Version15.1x53 Updated30
JuniperJunos Version15.1x53 Updated31
JuniperJunos Version15.1x53 Updated32
JuniperJunos Version15.1x53 Updated33
JuniperJunos Version15.1x53 Updated34
JuniperJunos Version15.1x53 Updated40
JuniperJunos Version15.1x53 Updated45
JuniperJunos Version15.1x53 Updated470
JuniperJunos Version15.1x53 Updated495
JuniperJunos Version15.1x53 Updated56
JuniperJunos Version15.1x53 Updated60
JuniperJunos Version15.1x53 Updated61
JuniperJunos Version15.1x53 Updated62
JuniperJunos Version15.1x53 Updated63
JuniperJunos Version15.1x53 Updated65
JuniperJunos Version15.1x53 Updated70
JuniperJunos Version16.1 Update-
JuniperJunos Version16.1 Updater1
JuniperJunos Version16.1 Updater2
JuniperJunos Version16.1 Updater3
JuniperJunos Version16.1 Updater3-s10
JuniperJunos Version16.1 Updater3-s11
JuniperJunos Version16.1 Updater4
JuniperJunos Version16.1 Updater5
JuniperJunos Version16.1 Updater5-s4
JuniperJunos Version16.1 Updater6
JuniperJunos Version16.1 Updater6-s1
JuniperJunos Version16.1 Updater6-s6
JuniperJunos Version16.1 Updater7
JuniperJunos Version16.2 Update-
JuniperJunos Version16.2 Updater1
JuniperJunos Version16.2 Updater2
JuniperJunos Version16.2 Updater2-s1
JuniperJunos Version16.2 Updater2-s2
JuniperJunos Version16.2 Updater2-s5
JuniperJunos Version16.2 Updater2-s6
JuniperJunos Version16.2 Updater2-s7
JuniperJunos Version16.2 Updater2-s8
JuniperJunos Version17.1 Update-
JuniperJunos Version17.1 Updater1
JuniperJunos Version17.1 Updater2-s1
JuniperJunos Version17.1 Updater2-s10
JuniperJunos Version17.1 Updater2-s2
JuniperJunos Version17.1 Updater2-s3
JuniperJunos Version17.1 Updater2-s4
JuniperJunos Version17.1 Updater2-s5
JuniperJunos Version17.1 Updater2-s6
JuniperJunos Version17.1 Updater2-s7
JuniperJunos Version17.2 Update-
JuniperJunos Version17.2 Updater1-s2
JuniperJunos Version17.2 Updater1-s4
JuniperJunos Version17.2 Updater1-s7
JuniperJunos Version17.2 Updater2
JuniperJunos Version17.2 Updater2-s6
JuniperJunos Version17.3 Update-
JuniperJunos Version17.3 Updater2
JuniperJunos Version17.3 Updater2-s1
JuniperJunos Version17.3 Updater2-s2
JuniperJunos Version17.3 Updater3-s1
JuniperJunos Version17.3 Updater3-s2
JuniperJunos Version17.3 Updater3-s3
JuniperJunos Version17.4 Update-
JuniperJunos Version17.4 Updater1
JuniperJunos Version17.4 Updater1-s1
JuniperJunos Version17.4 Updater1-s2
JuniperJunos Version17.4 Updater1-s4
JuniperJunos Version17.4 Updater2
JuniperJunos Version17.4 Updater2-s1
JuniperJunos Version17.4 Updater2-s4
JuniperJunos Version18.1 Update-
JuniperJunos Version18.1 Updater2
JuniperJunos Version18.1 Updater2-s1
JuniperJunos Version18.1 Updater2-s2
JuniperJunos Version18.1 Updater3
JuniperJunos Version18.1 Updater3-s2
JuniperJunos Version18.1 Updater3-s3
JuniperJunos Version18.2 Update-
JuniperJunos Version18.2 Updater2-s1
JuniperJunos Version18.2 Updater2-s3
JuniperJunos Version18.2 Updater2-s4
JuniperJunos Version18.3 Update-
JuniperJunos Version18.3 Updater1
JuniperJunos Version18.3 Updater1-s1
JuniperJunos Version18.3 Updater1-s3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.085
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
sirt@juniper.net 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-657 Violation of Secure Design Principles

The product violates well-established principles for secure design.