CVE-2019-0074

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 15.1F6-S12 Junos OS versions 16.1R6 through 16.1R6-S6 Junos OS versions 16.1R7 through 16.1R7-S3 Junos OS versions prior to 17.1R3 Junos OS versions 17.2R1-S3 through 17.2R3-S1 Junos OS versions 17.3R1-S1 through 17.3R3-S3 Junos OS versions 17.4R1 through 17.4R1-S6 Junos OS versions 17.4R2 through 17.4R2-S2 Junos OS versions 17.4R3 and earlier Junos OS versions prior to 18.1R2-S4 Junos OS versions prior to 18.1R3-S3 Junos OS versions prior to 18.2R2 Junos OS versions prior to 18.2X75-D40 Junos OS versions prior to 18.3R1-S2 Junos OS versions prior to 18.3R2 Junos OS versions prior to 18.4R1-S1 Junos OS versions prior to 18.4R2

Description A path traversal vulnerability in Junos OS on NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue affects devices that use vmhost.

Recommendations For versions 15.1F, update to 15.1F6-S12 or later. For versions 16.1R6 through 16.1R6-S6, update to 16.1R6-S6 or later. For versions 16.1R7 through 16.1R7-S3, update to 16.1R7-S3 or later. For versions prior to 17.1R3, update to 17.1R3 or later. For versions 17.2R1-S3 through 17.2R3-S1, update to 17.2R3-S1 or later. For versions 17.3R1-S1 through 17.3R3-S3, update to 17.3R3-S3 or later. For versions 17.4R1 through 17.4R1-S6, update to 17.4R1-S6 or later. For versions 17.4R2 through 17.4R2-S2, update to 17.4R2-S2 or later. For versions 17.4R3 and earlier, update to a version later than 17.4R3. For versions prior to 18.1R2-S4, update to 18.1R2-S4 or later. For versions prior to 18.1R3-S3, update to 18.1R3-S3 or later. For versions prior to 18.2R2, update to 18.2R2 or later. For versions prior to 18.2X75-D40, update to 18.2X75-D40 or later. For versions prior to 18.3R1-S2, update to 18.3R1-S2 or later. For versions prior to 18.3R2, update to 18.3R2 or later. For versions prior to 18.4R1-S1, update to 18.4R1-S1 or later. For versions prior to 18.4R2, update to 18.4R2 or later.