CVE Vulnerabilities

CVE-2019-0015

Insufficient Session Expiration

Published: Jan 15, 2019 | Modified: Nov 09, 2021
CVSS 3.x
5.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS 2.x
5.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name Vendor Start Version End Version
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 12.3x48 12.3x48
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 15.1x49 15.1x49
Junos Juniper 17.3 17.3
Junos Juniper 17.3 17.3
Junos Juniper 17.3 17.3
Junos Juniper 17.3 17.3
Junos Juniper 17.3 17.3
Junos Juniper 17.3 17.3
Junos Juniper 17.3 17.3
Junos Juniper 17.3 17.3
Junos Juniper 17.3 17.3
Junos Juniper 17.3 17.3
Junos Juniper 17.4 17.4
Junos Juniper 17.4 17.4
Junos Juniper 17.4 17.4
Junos Juniper 17.4 17.4
Junos Juniper 17.4 17.4
Junos Juniper 17.4 17.4
Junos Juniper 17.4 17.4
Junos Juniper 17.4 17.4
Junos Juniper 17.4 17.4
Junos Juniper 18.1 18.1
Junos Juniper 18.1 18.1
Junos Juniper 18.1 18.1
Junos Juniper 18.1 18.1
Junos Juniper 18.1 18.1
Junos Juniper 18.1 18.1
Junos Juniper 18.1 18.1
Junos Juniper 18.2 18.2
Junos Juniper 18.2 18.2
Junos Juniper 18.2 18.2
Junos Juniper 18.2 18.2
Junos Juniper 18.2 18.2
Junos Juniper 18.2 18.2
Junos Juniper 18.2 18.2
Junos Juniper 18.2 18.2

Potential Mitigations

References