Unrated severityNVD Advisory· Published Jan 15, 2019· Updated Sep 16, 2024

Juniper ATP: API and device keys are logged in a world-readable permissions file

CVE-2019-0004

Description

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

Affected products

Zyxel/ATPllm-fuzzy
Range: <5.0.3
Juniper Networks/Juniper ATPv5
Range: 5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.juniper.net/JSA10918mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000