Vulnerability Description
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.
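An added example (not code from the vendor advisory or from this page): a Python check that compares a device's Junos version string against the first fixed release of each train listed above. The version-string parsing rules, the hostnames and the sample inventory are assumptions constructed for illustration; the check does not tell you whether dynamic VPN is configured on the device.

```python
import re

# First fixed release per train, copied from the affected-release list above.
FIXED = {
    "12.3X48": ("D", 75),
    "15.1X49": ("D", 150),
    "17.3": ("R", 3),
    "17.4": ("R", 2),
    "18.1": ("R", 3),
    "18.2": ("R", 2),
}

# Assumed layout: <major>.<minor>[X<nn>][-]<R|D><number>[suffix], e.g. 17.3R2-S4.
_VERSION = re.compile(r"^(\d+\.\d+(?:X\d+)?)-?([RD])(\d+)")


def parse_junos(version):
    """Split a Junos version string into (train, kind, number)."""
    m = _VERSION.match(version.strip().upper())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    return m.group(1), m.group(2), int(m.group(3))


def is_affected(version):
    """True/False for trains the advisory lists, None for any other train."""
    train, kind, number = parse_junos(version)
    if train not in FIXED:
        return None  # the page makes no statement about this train
    fixed_kind, fixed_number = FIXED[train]
    if kind != fixed_kind:
        raise ValueError(f"unexpected release type in {version!r}")
    return number < fixed_number


def triage(inventory):
    """Map each (hostname, version) pair to a status string."""
    labels = {True: "affected", False: "fixed", None: "not listed"}
    return {host: labels[is_affected(ver)] for host, ver in inventory}


# Constructed inventory: hostnames and versions are sample data.
SAMPLE = [("vpn-gw-1", "12.3X48-D70.3"), ("vpn-gw-2", "15.1X49-D150"),
          ("vpn-gw-3", "17.3R2-S4"), ("vpn-gw-4", "18.2R2.6"),
          ("vpn-gw-5", "19.1R1")]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Service-release and build suffixes such as `-S4` or `.6` are ignored, so `17.3R2-S4` is compared as `17.3R2` and reported as affected, matching the "prior to 17.3R3" wording.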
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 12.3X48 |
| Juniper | SRX100 | - |
| Juniper | SRX110 | - |
| Juniper | SRX1400 | - |
| Juniper | SRX1500 | - |
| Juniper | SRX210 | - |
| Juniper | SRX220 | - |
| Juniper | SRX240 | - |
| Juniper | SRX300 | - |
| Juniper | SRX320 | - |
| Juniper | SRX340 | - |
| Juniper | SRX3400 | - |
| Juniper | SRX345 | - |
| Juniper | SRX3600 | - |
| Juniper | SRX380 | - |
| Juniper | SRX4000 | - |
| Juniper | SRX4100 | - |
| Juniper | SRX5400 | - |
| Juniper | SRX550 | - |
| Juniper | SRX5600 | - |
References
- http://www.securityfocus.com/bid/106668 (Third Party Advisory, VDB Entry)
- https://kb.juniper.net/JSA10915 (Vendor Advisory)
FAQ
What is CVE-2019-0015?
CVE-2019-0015 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immedia...
How severe is CVE-2019-0015?
CVE-2019-0015 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-0015?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper SRX100, Juniper SRX110, Juniper SRX1400, Juniper SRX1500.