PT-2019-3593 · Juniper Networks · Junos
Published: 2019-10-09 · Updated: 2020-09-29 · CVE-2019-0071
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Junos OS versions 18.1R3-S4 on EX2300, EX2300-C, and EX3400
Junos OS versions 18.3R1-S3 on EX2300, EX2300-C, and EX3400
Description
The Veriexec subsystem in Junos OS, responsible for ensuring only authorized binaries are executed, fails to initialize due to a flaw. This allows a locally authenticated user with shell access to install untrusted executable images and potentially elevate privileges to gain full control of the system. During the installation of an affected version of Junos OS, error messages related to undefined symbols and authentication errors are logged to the console.
Recommendations
For Junos OS versions 18.1R3-S4 on EX2300, EX2300-C, and EX3400: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Junos OS versions 18.3R1-S3 on EX2300, EX2300-C, and EX3400: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Privilege Management
Improper Verification of Cryptographic Signature
Related Identifiers
Affected Products
Junos