PT-2019-1363 · Juniper Networks · Junos

Published

2019-01-15

·

Updated

2021-11-09

·

CVE-2019-0015

CVSS v2.0

6.4

Medium

VectorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Junos OS on SRX Series versions 12.3X48 through 12.3X48-D74 Junos OS on SRX Series versions 15.1X49 through 15.1X49-D149 Junos OS on SRX Series versions 17.3 through 17.3R2 Junos OS on SRX Series versions 17.4 through 17.4R1 Junos OS on SRX Series versions 18.1 through 18.1R2 Junos OS on SRX Series versions 18.2 through 18.2R1
Description A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. This occurs due to an error in token caching, where deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token.
Recommendations For Junos OS on SRX Series versions 12.3X48 through 12.3X48-D74, update to version 12.3X48-D75 or later. For Junos OS on SRX Series versions 15.1X49 through 15.1X49-D149, update to version 15.1X49-D150 or later. For Junos OS on SRX Series versions 17.3 through 17.3R2, update to version 17.3R3 or later. For Junos OS on SRX Series versions 17.4 through 17.4R1, update to version 17.4R2 or later. For Junos OS on SRX Series versions 18.1 through 18.1R2, update to version 18.1R3 or later. For Junos OS on SRX Series versions 18.2 through 18.2R1, update to version 18.2R2 or later.

Fix

Insufficient Session Expiration

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-613CWE-269

Related Identifiers

BDU:2019-00724
CVE-2019-0015

Affected Products

Junos