CVE-2019-0073

The PKI keys exported using the command run request security pki key-pair export on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.

Weakness

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Affected Software

Name	Vendor	Start Version	End Version
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49
Junos	Juniper	15.1x49	15.1x49

References

https://kb.juniper.net/JSA10974

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-0073
CWE	https://cwe.mitre.org/data/definitions/281.html

Improper Preservation of Permissions

Weakness

Affected Software

References