CVE-2019-0015 : What You Need to Know
Learn about CVE-2019-0015, a vulnerability in Junos OS on SRX Series devices allowing deleted dynamic VPN users to establish connections until reboot. Find out the impacted versions and mitigation steps.
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted.
Understanding CVE-2019-0015
What is CVE-2019-0015?
This CVE identifies a flaw in Junos OS on SRX Series devices that permits deleted dynamic VPN users to reconnect until the device is rebooted.
The Impact of CVE-2019-0015
The vulnerability allows deleted users to establish VPN connections, posing a risk of unauthorized access until a reboot clears the cached authentication token.
Technical Details of CVE-2019-0015
Vulnerability Description
The issue arises from a token caching error, enabling deleted dynamic VPN users to reconnect after a successful connection until a reboot.
Affected Systems and Versions
- Platforms: SRX Series
- Affected Versions: 12.3X48-D75, 15.1X49-D150, 17.3R3, 17.4R2, 18.1R3, 18.2R2
Exploitation Mechanism
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
Mitigation and Prevention
Immediate Steps to Take
- Disallow deleted dynamic VPN connections from establishing new VPN connections immediately.
- Reboot the device to clear the cached authentication token.
Long-Term Security Practices
- Regularly update to the patched software releases.
Patching and Updates
- Update to the following software releases: Junos OS 12.3X48-D75, 15.1X49-D150, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1, and subsequent versions.