PT-2019-1173 · Juniper Networks · Juniper Advanced Threat Prevention

Publicado

2019-01-09

Atualizado

2019-10-09

CVE-2019-0021

CVSS v3.1

7.1

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Juniper Advanced Threat Prevention versions prior to 5.0.4

Description The issue is related to the storage of a secret passphrase in clear text in the /var/log/syslog file. This could allow an authenticated local user to view sensitive information. The set mcm command is an example of a CLI input that is logged in clear text.

Recommendations For Juniper Advanced Threat Prevention versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /var/log/syslog file to minimize the risk of exploitation. Avoid using the set mcm command until the issue is resolved.

Correção

Information Disclosure

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-532

Identificadores relacionados

BDU:2019-00240

CVE-2019-0021

Produtos afetados

Juniper Advanced Threat Prevention

PT-2019-1173 · Juniper Networks · Juniper Advanced Threat Prevention

CVE-2019-0021

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6