CVE-2019-0042 : Vulnerability Insights and Analysis
Learn about CVE-2019-0042, a vulnerability in Juniper Identity Management Service (JIMS) for Windows versions below 1.1.4. Understand the impact, affected systems, exploitation mechanism, and mitigation steps.
Versions of Juniper Identity Management Service (JIMS) for Windows prior to 1.1.4 have a vulnerability that could potentially result in the transmission of a faulty message to connected SRX services gateways, leading to security risks.
Understanding CVE-2019-0042
This CVE involves a vulnerability in Juniper Identity Management Service (JIMS) for Windows that could allow attackers to bypass SRX firewall policies and potentially trigger a Denial of Service (DoS) situation.
What is CVE-2019-0042?
CVE-2019-0042 is a security vulnerability in Juniper Identity Management Service (JIMS) for Windows versions below 1.1.4. It enables attackers with physical access to a Windows system within the domain to send incorrect messages to SRX services gateways, potentially bypassing firewall policies and causing network disruptions.
The Impact of CVE-2019-0042
Exploiting this vulnerability could lead to the following consequences:
- Bypassing SRX firewall policies
- Triggering a Denial of Service (DoS) situation for the network
- Potential security breaches due to incorrect messages being transmitted
Technical Details of CVE-2019-0042
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The vulnerability allows attackers with physical access to a Windows system within the domain to send incorrect messages to SRX services gateways, potentially bypassing firewall policies.
Affected Systems and Versions
- Product: Juniper Identity Management Service
- Vendor: Juniper Networks
- Versions Affected: < 1.1.4
Exploitation Mechanism
The issue arises when the Windows Domain Controller's policy is set to audit account logon failures and SRX has security policies configured with the term "match source-identity authenticated-user".
Mitigation and Prevention
To address CVE-2019-0042, follow these mitigation strategies:
Immediate Steps to Take
- Edit GPO policy on domain controller(s) to uncheck "Failure" for "Audit account logon events"
- Update policy changes using "gpupdate /force" command
Long-Term Security Practices
- Regularly update Juniper Identity Management Service to version 1.1.4 or later
- Monitor SRX auth table for suspicious or unusual entries and remove them
Patching and Updates
- Ensure that software releases 1.1.4 and subsequent versions are installed to resolve the vulnerability