CVE-2019-0039

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 14.1X53-D49 Junos OS versions prior to 15.1F6-S12 Junos OS versions prior to 15.1R7-S3 Junos OS versions prior to 15.1X49-D160 Junos OS versions prior to 15.1X53-D236 Junos OS versions prior to 15.1X53-D495 Junos OS versions prior to 15.1X53-D591 Junos OS versions prior to 15.1X53-D69 Junos OS versions prior to 16.1R3-S10 Junos OS versions prior to 16.1R4-S12 Junos OS versions prior to 16.1R6-S6 Junos OS versions prior to 16.1R7-S3 Junos OS versions prior to 16.1X65-D49 Junos OS versions prior to 16.2R2-S7 Junos OS versions prior to 17.1R2-S10 Junos OS versions prior to 17.1R3 Junos OS versions prior to 17.2R1-S8 Junos OS versions prior to 17.2R3-S1 Junos OS versions prior to 17.3R3-S2 Junos OS versions prior to 17.4R1-S6 Junos OS versions prior to 17.4R2-S2 Junos OS versions prior to 18.1R2-S4 Junos OS versions prior to 18.1R3-S1 Junos OS versions prior to 18.2R1-S5 Junos OS versions prior to 18.2X75-D30 Junos OS versions prior to 18.3R1-S1

Description The issue is related to errors in managing registration data in the Junos OS REST API interface. If the REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks.

Recommendations For Junos OS versions prior to 14.1X53-D49, update to version 14.1X53-D49 or later. For Junos OS versions prior to 15.1F6-S12, update to version 15.1F6-S12 or later. For Junos OS versions prior to 15.1R7-S3, update to version 15.1R7-S3 or later. For Junos OS versions prior to 15.1X49-D160, update to version 15.1X49-D160 or later. For Junos OS versions prior to 15.1X53-D236, update to version 15.1X53-D236 or later. For Junos OS versions prior to 15.1X53-D495, update to version 15.1X53-D495 or later. For Junos OS versions prior to 15.1X53-D591, update to version 15.1X53-D591 or later. For Junos OS versions prior to 15.1X53-D69, update to version 15.1X53-D69 or later. For Junos OS versions prior to 16.1R3-S10, update to version 16.1R3-S10 or later. For Junos OS versions prior to 16.1R4-S12, update to version 16.1R4-S12 or later. For Junos OS versions prior to 16.1R6-S6, update to version 16.1R6-S6 or later. For Junos OS versions prior to 16.1R7-S3, update to version 16.1R7-S3 or later. For Junos OS versions prior to 16.1X65-D49, update to version 16.1X65-D49 or later. For Junos OS versions prior to 16.2R2-S7, update to version 16.2R2-S7 or later. For Junos OS versions prior to 17.1R2-S10, update to version 17.1R2-S10 or later. For Junos OS versions prior to 17.1R3, update to version 17.1R3 or later. For Junos OS versions prior to 17.2R1-S8, update to version 17.2R1-S8 or later. For Junos OS versions prior to 17.2R3-S1, update to version 17.2R3-S1 or later. For Junos OS versions prior to 17.3R3-S2, update to version 17.3R3-S2 or later. For Junos OS versions prior to 17.4R1-S6, update to version 17.4R1-S6 or later. For Junos OS versions prior to 17.4R2-S2, update to version 17.4R2-S2 or later. For Junos OS versions prior to 18.1R2-S4, update to version 18.1R2-S4 or later. For Junos OS versions prior to 18.1R3-S1, update to version 18.1R3-S1 or later. For Junos OS versions prior to 18.2R1-S5, update to version 18.2R1-S5 or later. For Junos OS versions prior to 18.2X75-D30, update to version 18.2X75-D30 or later. For Junos OS versions prior to 18.3R1-S1, update to version 18.3R1-S1 or later.