CVE-2019-0073
Description
The PKI keys exported using the command run request security pki key-pair export on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.
Risk Information
Base Score
7.1
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.033
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-0051,CVE-2019-0068,CVE-2019-0073 are fixed in junos 15.1x49-d180 | NCM |
| Vulnerabilities CVE-2019-0073,CVE-2019-0075 are fixed in junos 17.3r3-s7* | NCM |
| Multiple Vulnerabilities are fixed in junos 17.4r2-s8 | NCM |
| Vulnerabilities CVE-2019-0062,CVE-2019-0073 are fixed in junos 18.1r3-s8* | NCM |
| Multiple Vulnerabilities are fixed in junos 18.2R3 | NCM |
| Multiple Vulnerabilities are fixed in junos 18.3R2 | NCM |
| Multiple Vulnerabilities are fixed in junos 18.4R2 | NCM |
| Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-0073) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234