Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-0074

A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series with NG-RE and vmhost: 15.1F versions prior to 15.1F6-S12 16.1 versions starting from 16.1R6 and later releases, including the Service Releases, prior to 16.1R6-S6, 16.1R7-S3; 17.1 versions prior to 17.1R3; 17.2 versions starting from 17.2R1-S3, 17.2R3 and later releases, including the Service Releases, prior to 17.2R3-S1; 17.3 versions starting from 17.3R1-S1, 17.3R2 and later releases, including the Service Releases, prior to 17.3R3-S3; 17.4 versions starting from 17.4R1 and later releases, including the Service Releases, prior to 17.4R1-S6, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2; 18.4 versions prior to 18.4R1-S1, 18.4R2. This issue does not affect: Juniper Networks Junos OS 15.1 and 16.2.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.5, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), for affected systems. Impacting 6 products from juniper, from juniper, from juniper and 3 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2019-10-09T20:15:18.393

Last Modified

2024-11-21T04:16:11.870

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-22
CWE-23
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Operating System	juniper	junos	15.1	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Operating System	juniper	junos	16.1	Yes
Operating System	juniper	junos	16.1	Yes
Operating System	juniper	junos	16.1	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Operating System	juniper	junos	17.1	Yes
Operating System	juniper	junos	17.1	Yes
Operating System	juniper	junos	17.1	Yes
Operating System	juniper	junos	17.1	Yes
Operating System	juniper	junos	17.1	Yes
Operating System	juniper	junos	17.1	Yes
Operating System	juniper	junos	17.1	Yes
Operating System	juniper	junos	17.1	Yes
Operating System	juniper	junos	17.1	Yes
Operating System	juniper	junos	17.1	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Operating System	juniper	junos	17.2	Yes
Operating System	juniper	junos	17.2	Yes
Operating System	juniper	junos	17.2	Yes
Operating System	juniper	junos	17.2	Yes
Operating System	juniper	junos	17.2	Yes
Operating System	juniper	junos	17.2	Yes
Operating System	juniper	junos	17.2	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Operating System	juniper	junos	17.3	Yes
Operating System	juniper	junos	17.3	Yes
Operating System	juniper	junos	17.3	Yes
Operating System	juniper	junos	17.3	Yes
Operating System	juniper	junos	17.3	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Operating System	juniper	junos	17.4	Yes
Operating System	juniper	junos	17.4	Yes
Operating System	juniper	junos	17.4	Yes
Operating System	juniper	junos	17.4	Yes
Operating System	juniper	junos	17.4	Yes
Operating System	juniper	junos	17.4	Yes
Operating System	juniper	junos	17.4	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Operating System	juniper	junos	18.1	Yes
Operating System	juniper	junos	18.1	Yes
Operating System	juniper	junos	18.1	Yes
Operating System	juniper	junos	18.1	Yes
Operating System	juniper	junos	18.1	Yes
Operating System	juniper	junos	18.1	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Operating System	juniper	junos	18.2	Yes
Operating System	juniper	junos	18.2	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Operating System	juniper	junos	18.2x75	Yes
Operating System	juniper	junos	18.2x75	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Hardware	juniper	ex9200	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No

References

https://kb.juniper.net/JSA10975 Vendor Advisory ([email protected])
https://kb.juniper.net/JSA10975 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For juniper's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.