CVE-2019-0070
Last modified
CVE-2019-0070 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | <= 18.1 |
| Juniper | Junos | 18.2 |
References
- https://kb.juniper.net/JSA10977Vendor Advisory
- https://kb.juniper.net/JSA10977Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-0070?
How severe is CVE-2019-0070?
How do I fix CVE-2019-0070?
Are you affected by CVE-2019-0070?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST