CVE-2019-0061

Summary

The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS15.1X49 < 15.1X49-D171, 15.1X49-D180affected
Juniper NetworksJunos OS15.1X53 < 15.1X53-D496, 15.1X53-D69affected
Juniper NetworksJunos OS16.1 < 16.1R7-S4affected
Juniper NetworksJunos OS16.2 < 16.2R2-S9affected
Juniper NetworksJunos OS17.1 < 17.1R3affected
Juniper NetworksJunos OS17.2 < 17.2R1-S8, 17.2R2-S7, 17.2R3-S1affected
Juniper NetworksJunos OS17.3 < 17.3R3-S4affected
Juniper NetworksJunos OS17.4 < 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3affected
Juniper NetworksJunos OS18.1 < 18.1R2-S4, 18.1R3-S4affected
Juniper NetworksJunos OS18.2 < 18.2R1-S5, 18.2R2-S2, 18.2R3affected
Juniper NetworksJunos OS18.3 < 18.3R1-S3, 18.3R2affected
Juniper NetworksJunos OS18.4 < 18.4R1-S2, 18.4R2affected

Weaknesses

  • CWE-657: CWE-657 Violation of Secure Design Principles

Workarounds

Limit access to the Junos shell to only trusted administrators.

ADP Enrichment

CVE Program Container

Additional References

References