CVE-2019-0020

Juniper ATP: Hard coded credentials used in Web Collector

CVSS 10 CRITICALEPSS 1.6%CWE-798

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 10EPSS 1.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 Jan 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

Juniper Networks · Juniper ATP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://kb.juniper.net/JSA10918