Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services…
juniper·CWE-404·Published 2019-04-10
Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network.
Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network.
El Juniper Identity Management Service (JIMS) para versiones de Windows anteriores a 1.1.4 puede enviar un mensaje de manera inapropiada a las puertas de enlace de servicios SRX asociadas. Esto puede permitir que un atacante con acceso físico a un dominio existente conectado al sistema Windows omita las políticas de firewall SRX, o desencadene una condición de Denegación de Servicio (DoS) para la red.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 1.9 | 3.4 | 2.9 | AV:L/AC:M/Au:N/C:N/I:N/A:P |
| 3.0 | Primary | cve.org | 5.7 | — | — | CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H |
| 3.0 | Primary | cve.org | 5.7 | — | — | CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H |
| 3.0 | Secondary | NVD | 5.7 | 0.5 | 4.7 | CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H |
| 3.1 | Primary | NVD | 4.2 | 0.5 | 3.6 | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |