CVE-2019-0042

Incorrect messages from Juniper Identity Management Service (JIMS) can trigger Denial of Service or firewall bypass conditions for SRX series devices

Severity Score

4.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network.

*Credits: N/A
CVSS Scores
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: High

Attack Vector: Local
Attack Complexity: Medium
Authentication: None
Confidentiality: None
Integrity: None
Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-10-11 CVE Reserved
  • 2019-04-10 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-305: Authentication Bypass by Primary Weakness
  • CWE-404: Improper Resource Shutdown or Release
  • CWE-669: Incorrect Resource Transfer Between Spheres
CAPEC
References (1)
URL Date SRC
https://kb.juniper.net/JSA10934 2021-10-28
Affected Vendors, Products, and Versions
Vendor: Juniper
Product: Identity Management Service
Version: < 1.1.4
Other: windows
Status: Affected