Vulnerability Name:

CVE-2019-0071 (CCN-168723)

Assigned:2018-10-11
Published:2019-10-09
Updated:2020-09-29
Summary:Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence disabling file integrity checking. This may allow a locally authenticated user with shell access to install untrusted executable images, and elevate privileges to gain full control of the system. During the installation of an affected version of Junos OS are installed, the following messages will be logged to the console: Initializing Verified Exec: /sbin/veriexec: Undefined symbol "__aeabi_uidiv" /sbin/veriexec: Undefined symbol "__aeabi_uidiv" /sbin/veriexec: Undefined symbol "__aeabi_uidiv" veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/brcm-hr3.dtb: Authentication error veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/contents.izo: Authentication error ... This issue affects Juniper Networks Junos OS: 18.1R3-S4 on EX2300, EX2300-C and EX3400; 18.3R1-S3 on EX2300, EX2300-C and EX3400.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-354
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2019-0071

Source: XF
Type: UNKNOWN
juniper-cve20190071-priv-esc(168723)

Source: CCN
Type: Juniper Networks Security Bulletin JSA10978
Junos OS: EX2300, EX3400 Series: Veriexec signature checking not enforced in specific versions of Junos OS (CVE-2019-0071)

Source: MISC
Type: Vendor Advisory
https://kb.juniper.net/JSA10978

Source: MISC
Type: Vendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/concept/veriexec.html

Vulnerable Configuration:Configuration 1:
  • cpe:/o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*
  • OR cpe:/o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*
  • AND
  • cpe:/h:juniper:ex2300:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:ex2300-c:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:ex3400:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:juniper:junos:18.3:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    juniper junos 18.1 r3-s4
    juniper junos 18.3 r1-s3
    juniper ex2300 -
    juniper ex2300-c -
    juniper ex3400 -
    juniper junos 18.3 -