A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/106668 | Third Party Advisory VDB Entry |
| https://kb.juniper.net/JSA10915 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
09 Nov 2021, 21:22
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:* |
cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.1:r:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:* cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:12.3x48:d100:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:* cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.2:r1:-:*:*:*:*:* cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:* cpe:2.3:o:juniper:junos:15.1x49:d25:*:*:*:*:*:* cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.2:r:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:12.3x48:d66:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:* cpe:2.3:o:juniper:junos:15.1x49:d131:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:* cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:* cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:* cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:* cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:12.3x48:d51:*:*:*:*:*:* cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:15.1x49:d15:*:*:*:*:*:* cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:* |
| References | (BID) http://www.securityfocus.com/bid/106668 - Third Party Advisory, VDB Entry |
05 Feb 2021, 16:48
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:juniper:junos:18.2:r1-s4:*:*:*:*:*:* |
Information
Published : 2019-01-15 21:29
Updated : 2023-12-10 12:44
NVD link : CVE-2019-0015
Mitre link : CVE-2019-0015
CVE.ORG link : CVE-2019-0015
JSON object : View
Products Affected
juniper
- srx210
- srx4100
- srx340
- srx650
- srx5400
- srx1500
- srx110
- srx5800
- srx100
- srx5600
- srx320
- srx345
- srx3400
- srx380
- srx4000
- srx300
- srx3600
- junos
- srx1400
- srx240
- srx220
- srx550
CWE
CWE-613
Insufficient Session Expiration