CVE-2019-0004 HIGH

CVE-2019-0004: Juniper ATP: API and device keys are logged in a world-readable permissions file

Vendor Juniper Networks
Product Juniper ATP
Weakness CWE-532 · Sensitive info in logs
Published January 15, 2019
Last update September 16, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

Key dates

02 Disclosure timeline

January 15, 2019 CVE published
September 16, 2024 Record updated