How severe is CVE-2019-0039?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2019-0039?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2019-0039

MEDIUM Year: 2019

CVSS v3 Score

5.3

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-307

View all →

Vulnerability Description

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password policy can increase the likelihood of success from brute force attacks. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D495, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.2 versions prior to 18.2R1-S5; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S1.

CVE-2017-10604

MEDIUM

CVSS:5.3(Medium)

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the ro...

CWE-3072017

CVE-2018-16703

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in...

CWE-3072018

CVE-2019-1126

MEDIUM

CVSS:5.3(Medium)

A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an atta...

CWE-3072019

CVE-2020-1616

MEDIUM

CVSS:5.3(Medium)

Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) ...

CWE-3072020

CVE-2020-4232

MEDIUM

CVSS:5.3(Medium)

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system...

CWE-3072020

CVE-2020-7057

MEDIUM

CVSS:5.3(Medium)

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists,...

CWE-3072020

CVE-2019-0039

Vulnerability Description

Related Vulnerabilities

CVE-2017-10604

CVE-2018-16703

CVE-2019-1126

CVE-2020-1616

CVE-2020-4232

CVE-2020-7057