7.8
Advisory Published
Updated

CVE-2019-0057: NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system.

First published: Wed Oct 09 2019(Updated: )

An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5.

Credit: sirt@juniper.net

Affected SoftwareAffected VersionHow to fix
Juniper JUNOS<=18.1
Juniper JUNOS=18.2
Juniper JUNOS=18.2x75
Juniper Nfx150
Juniper Nfx250

Remedy

The following software releases have been updated to resolve this specific issue: 18.2R1, 18.2X75-D5, and all subsequent releases.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2019-0057?

    CVE-2019-0057 is an improper authorization weakness in Juniper Networks Junos OS.

  • How does CVE-2019-0057 impact Juniper Networks Junos OS?

    CVE-2019-0057 allows a local authenticated attacker to bypass regular security controls and access the Junos Device Manager (JDM) application to take control of the system.

  • Which versions of Juniper Networks Junos OS are affected by CVE-2019-0057?

    Juniper Networks Junos OS versions prior to 18.2R1, 18.2X, 18.2x75 are affected by CVE-2019-0057.

  • What is the severity of CVE-2019-0057?

    CVE-2019-0057 has a severity rating of 7.8 (high).

  • How can I fix CVE-2019-0057?

    To fix CVE-2019-0057, it is recommended to update to Juniper Networks Junos OS version 18.2R1, 18.2X, or 18.2x75.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203