CVE-2019-0073

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 15.1X49-D180 Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S7 Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S8, 17.4R3 Juniper Networks Junos OS 18.1 versions prior to 18.1R3-S8 Juniper Networks Junos OS 18.2 versions prior to 18.2R3 Juniper Networks Junos OS 18.3 versions prior to 18.3R2 Juniper Networks Junos OS 18.4 versions prior to 18.4R2

Description The issue affects the PKI keys exported using the command "run request security pki key-pair export" on Junos OS, which may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them.

Recommendations For Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180, update to version 15.1X49-D180 or later. For Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S7, update to version 17.3R3-S7 or later. For Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S8, 17.4R3, update to version 17.4R2-S8 or later. For Juniper Networks Junos OS 18.1 versions prior to 18.1R3-S8, update to version 18.1R3-S8 or later. For Juniper Networks Junos OS 18.2 versions prior to 18.2R3, update to version 18.2R3 or later. For Juniper Networks Junos OS 18.3 versions prior to 18.3R2, update to version 18.3R2 or later. For Juniper Networks Junos OS 18.4 versions prior to 18.4R2, update to version 18.4R2 or later.