CVE-2019-0042 MEDIUM

CVE-2019-0042: Incorrect messages from Juniper Identity Management Service (JIMS) can trigger Denial of Service or firewall bypass conditions for SRX series devices

Vendor Juniper Networks
Product Juniper Identity Management Service
Weakness CWE-404
Published April 10, 2019
Last update September 16, 2024

CVSS base score

5.7/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H

What the vulnerability does

01Description

Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network.

Key dates

02Disclosure timeline

April 10, 2019 CVE published
September 16, 2024 Record updated