CVE-2019-0070 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2019-0070?

CVE-2019-0070 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-0070?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Nfx150, Juniper Nfx250.

Vulnerability Description

An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	<= 18.1
Juniper	Nfx150	-
Juniper	Nfx250	-

Related Weaknesses (CWE)

CWE-20

References

https://kb.juniper.net/JSA10977Vendor Advisory
https://kb.juniper.net/JSA10977Vendor Advisory

FAQ

What is CVE-2019-0070?

CVE-2019-0070 is a vulnerability with a CVSS score of 8.8 (HIGH). An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execut...

How severe is CVE-2019-0070?

CVE-2019-0070 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0070?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Nfx150, Juniper Nfx250.