First published: Wed Oct 09 2019(Updated: )
A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series with NG-RE and vmhost: 15.1F versions prior to 15.1F6-S12 16.1 versions starting from 16.1R6 and later releases, including the Service Releases, prior to 16.1R6-S6, 16.1R7-S3; 17.1 versions prior to 17.1R3; 17.2 versions starting from 17.2R1-S3, 17.2R3 and later releases, including the Service Releases, prior to 17.2R3-S1; 17.3 versions starting from 17.3R1-S1, 17.3R2 and later releases, including the Service Releases, prior to 17.3R3-S3; 17.4 versions starting from 17.4R1 and later releases, including the Service Releases, prior to 17.4R1-S6, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2; 18.4 versions prior to 18.4R1-S1, 18.4R2. This issue does not affect: Juniper Networks Junos OS 15.1 and 16.2.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper JUNOS | =15.1-f1 | |
Juniper JUNOS | =15.1-f2 | |
Juniper JUNOS | =15.1-f2-s1 | |
Juniper JUNOS | =15.1-f2-s2 | |
Juniper JUNOS | =15.1-f2-s3 | |
Juniper JUNOS | =15.1-f2-s4 | |
Juniper JUNOS | =15.1-f3 | |
Juniper JUNOS | =15.1-f4 | |
Juniper JUNOS | =15.1-f5 | |
Juniper JUNOS | =15.1-f6 | |
Juniper JUNOS | =15.1-f6-s3 | |
Juniper Ex9200 | ||
Juniper Nfx150 | ||
Juniper Qfx10002 | ||
Juniper Qfx10008 | ||
Juniper Qfx10016 | ||
Juniper JUNOS | =16.1-r6 | |
Juniper JUNOS | =16.1-r6-s1 | |
Juniper JUNOS | =16.1-r7 | |
Juniper JUNOS | =17.1 | |
Juniper JUNOS | =17.1-r1 | |
Juniper JUNOS | =17.1-r2-s1 | |
Juniper JUNOS | =17.1-r2-s10 | |
Juniper JUNOS | =17.1-r2-s2 | |
Juniper JUNOS | =17.1-r2-s3 | |
Juniper JUNOS | =17.1-r2-s4 | |
Juniper JUNOS | =17.1-r2-s5 | |
Juniper JUNOS | =17.1-r2-s6 | |
Juniper JUNOS | =17.1-r2-s7 | |
Juniper JUNOS | =17.2 | |
Juniper JUNOS | =17.2-r1-s2 | |
Juniper JUNOS | =17.2-r1-s4 | |
Juniper JUNOS | =17.2-r1-s7 | |
Juniper JUNOS | =17.2-r1-s8 | |
Juniper JUNOS | =17.2-r2-s6 | |
Juniper JUNOS | =17.2-r2-s7 | |
Juniper JUNOS | =17.3-r1-s1 | |
Juniper JUNOS | =17.3-r2 | |
Juniper JUNOS | =17.3-r2-s1 | |
Juniper JUNOS | =17.3-r2-s2 | |
Juniper JUNOS | =17.3-r3 | |
Juniper JUNOS | =17.4-r1 | |
Juniper JUNOS | =17.4-r1-s1 | |
Juniper JUNOS | =17.4-r1-s2 | |
Juniper JUNOS | =17.4-r1-s4 | |
Juniper JUNOS | =17.4-r1-s7 | |
Juniper JUNOS | =17.4-r2 | |
Juniper JUNOS | =17.4-r2-s1 | |
Juniper JUNOS | =18.1 | |
Juniper JUNOS | =18.1-r2 | |
Juniper JUNOS | =18.1-r2-s1 | |
Juniper JUNOS | =18.1-r2-s2 | |
Juniper JUNOS | =18.1-r3 | |
Juniper JUNOS | =18.1-r3-s2 | |
Juniper JUNOS | =18.2 | |
Juniper JUNOS | =18.2-r1-s5 | |
Juniper JUNOS | =18.2x75 | |
Juniper JUNOS | =18.2x75-d20 | |
Juniper JUNOS | =18.3 | |
Juniper JUNOS | =18.3-r1 | |
Juniper JUNOS | =18.3-r1-s1 | |
Juniper JUNOS | =18.3-r1-s3 | |
Juniper JUNOS | =18.4 | |
Juniper JUNOS | =18.4-r1 | |
Juniper JUNOS | =18.4-r1-s2 |
The following software releases have been updated to resolve these specific issues: 15.1F6-S12, 16.1R6-S6, 16.1R7-S3, 17.1R3, 17.2R3-S1, 17.3R3-S3, 17.4R1-S6, 17.4R2-S2, 17.4R3, 18.1R2-S4, 18.1R3-S3, 18.2R2, 18.2R3, 18.2X75-D40, 18.3R1-S2, 18.3R2, 18.4R1-S1, 18.4R2, 19.1R1, and all subsequent releases.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.