How severe is CVE-2019-0073?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2019-0073?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2019-0073

HIGH Year: 2019

CVSS v3 Score

7.1

High

CVSS v2 Score

2.1

Low

Weakness Type

CWE-732

View all →

Vulnerability Description

The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.

CVE-2001-0006

HIGH

CVSS:7.1(High)

The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock netw...

CWE-7322001

CVE-2004-1714

HIGH

CVSS:7.1(High)

BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a d...

CWE-7322004

CVE-2005-4868

HIGH

CVSS:7.1(High)

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, su...

CWE-7322005

CVE-2009-3611

HIGH

CVSS:7.1(High)

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive inform...

CWE-7322009

CVE-2009-3939

HIGH

CVSS:7.1(High)

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying th...

CWE-7322009

CVE-2017-18284

HIGH

CVSS:7.1(High)

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to thi...

CWE-7322017

CVE-2019-0073

Vulnerability Description

Related Vulnerabilities

CVE-2001-0006

CVE-2004-1714

CVE-2005-4868

CVE-2009-3611

CVE-2009-3939

CVE-2017-18284