Search criteria
150 vulnerabilities found for junos_space by juniper
FKIE_CVE-2021-0220
Vulnerability from fkie_nvd - Published: 2021-01-15 18:15 - Updated: 2024-11-21 05:42
Severity
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N (sirt@juniper.net, Secondary)
Summary
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.
References
| Source | URL | Tags |
|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11110 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11110 | Vendor Advisory |
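Impacted products (the CPE entries below name individual releases; the summary's "versions prior to 20.3R1" states the affected range)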
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_space:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "289CAAE5-882C-4236-BF76-B20F8A7F3014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA36F3E8-0F58-4635-843C-B3C62FD48682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA96869-72CF-49D2-94E1-4FF8102A29CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21DA6F2F-72F5-4D3A-AB4C-2C5D56C615FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6CF9AF7-A335-4C05-9F45-08253A521D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87F7E9A7-CA85-4F4D-8F0C-DF0C79A80B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61A323AE-7C8D-49F3-BB47-15DEBAFC86BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEC058B-C096-455B-9A75-5191E00A367D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E79208-AF42-48D9-990C-E2E2E1DE8E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5E2C05-12C0-48B6-BE84-0A045B2A2B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "167749D0-F3B8-48F3-BFC8-37A531E48C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C754E5-ACBB-45DE-B983-0888A8EB7CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "84E7CE7F-4410-461D-9381-B186789B6509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5BE1AAAA-0C4E-4059-96E7-4D118BF2DBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.1:r1.8:*:*:*:*:*:*",
"matchCriteriaId": "04858E4C-720A-400E-81AF-B5572424B351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "5EDD9296-6FB1-45E2-80EE-9F0F84CAFC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DC29AA1D-4CBC-413A-9333-72F3616CE918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "E0D618D6-F413-47DD-BD26-4F62B7227A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "B5A79F3A-80B9-4D98-92EE-681ED2E716B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "3E4B00D0-93F9-4145-BA91-6F4A66F19854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.2:-:*:*:*:*:*:*",
"matchCriteriaId": "74CB3FCB-192A-48A7-9FF3-3D228729AC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2EB54773-A54F-4D9E-B213-464421B4FA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:17.1:-:*:*:*:*:*:*",
"matchCriteriaId": "28D46176-27CE-4EAF-AF83-83F81A798103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:17.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F3EAC6FC-A2DC-4EF1-BF56-93728A9CDDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:17.2:r1.4:*:*:*:*:*:*",
"matchCriteriaId": "BE35151C-FCF6-4A89-8283-B24225019241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:18.1:-:*:*:*:*:*:*",
"matchCriteriaId": "041D10A1-B577-4109-A98D-DA20560FDA37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:18.1r1:*:*:*:*:*:*:*",
"matchCriteriaId": "D82DF30A-C838-49AC-95DC-16D765FD5588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:18.2:-:*:*:*:*:*:*",
"matchCriteriaId": "3FD83E88-0DD9-4584-B594-2839D15FA055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:18.3:-:*:*:*:*:*:*",
"matchCriteriaId": "5F1FA208-9AC5-414A-917A-6595917440EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:18.4:-:*:*:*:*:*:*",
"matchCriteriaId": "746F17A3-C20A-495D-9EEA-635392ECE907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:19.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F113B1F6-CF32-4BB4-A3C5-638D1531FE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "CC5AA529-494F-4297-88FE-4C58B8FCA8F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "0F319D4E-938C-44AF-868A-FBFF077D6139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7481D0BF-0B4E-41E1-9DC7-0CBEE8375A1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4A0C81-8572-4611-BD73-FE84099E7D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:18.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "58BFEC5C-5F42-4222-8B5B-AAC9466AEC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:18.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E7BA0A62-CEBF-4B19-AB8C-AB29209EC59E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:18.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "93C64B73-6631-4369-9CC3-8CE4EDB7A790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:18.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "DD163C75-D934-4960-9834-8BA2A0218A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:19.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "222D409D-F0C5-4B52-84FC-D199A00A7ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:19.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "34CAC9C5-05C5-4027-A011-6EAA3DC5DB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:19.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "C04B6957-6526-4387-B146-8D9A11943F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:19.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "480F31B7-6C19-466B-8083-0740D83D6309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:20.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "BE62ED23-10C0-470A-8835-B6E6DACF1023",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1."
},
{
"lang": "es",
"value": "Se ha encontrado que Junos Space Network Management Platform almacena secretos compartidos en un formato recuperable que puede ser expuesto por medio de la Interfaz de Usuario. Un atacante que puede ejecutar c\u00f3digo arbitrario en el navegador de la v\u00edctima (por ejemplo, por medio de un ataque de tipo XSS) o acceder al contenido almacenado en cach\u00e9 puede obtener una copia de las credenciales administradas por Junos Space. El impacto de un ataque con \u00e9xito incluye, pero no est\u00e1 limitado a, conseguir acceso a otros servidores conectados a Junos Space Management Platform. Este problema afecta a Juniper Networks Junos Space versiones anteriores a 20.3R1"
}
],
"id": "CVE-2021-0220",
"lastModified": "2024-11-21T05:42:14.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2021-01-15T18:15:15.667",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11110"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-257"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-1611
Vulnerability from fkie_nvd - Published: 2020-01-15 09:15 - Updated: 2024-11-21 05:10
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1.
References
| Source | URL | Tags |
|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10993 | Vendor Advisory |
| sirt@juniper.net | https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224 | Permissions Required |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10993 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224 | Permissions Required |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_space | 17.1 | |
| juniper | junos_space | 17.2 | |
| juniper | junos_space | 18.1 | |
| juniper | junos_space | 18.2 | |
| juniper | junos_space | 18.3 | |
| juniper | junos_space | 18.4 | |
| juniper | junos_space | 19.1 | |
| juniper | junos_space | 19.2 | |
| juniper | junos_space | 19.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_space:17.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3DFF54CC-E24F-42B4-B908-AECD1139146B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:17.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "2E80FD6E-A2E7-4B8C-BFC8-D9B0F32245C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:18.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "58BFEC5C-5F42-4222-8B5B-AAC9466AEC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:18.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E7BA0A62-CEBF-4B19-AB8C-AB29209EC59E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:18.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "93C64B73-6631-4369-9CC3-8CE4EDB7A790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:18.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "DD163C75-D934-4960-9834-8BA2A0218A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:19.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "222D409D-F0C5-4B52-84FC-D199A00A7ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:19.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "34CAC9C5-05C5-4027-A011-6EAA3DC5DB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:19.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "C04B6957-6526-4387-B146-8D9A11943F59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Inclusi\u00f3n de Archivo Local en Juniper Networks Junos Space, permite a un atacante visualizar todos los archivos en el destino cuando el dispositivo recibe paquetes HTTP maliciosos. Este problema afecta a: Juniper Networks Junos Space versiones anteriores a 19.4R1."
}
],
"id": "CVE-2020-1611",
"lastModified": "2024-11-21T05:10:57.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-15T09:15:12.857",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10993"
},
{
"source": "sirt@juniper.net",
"tags": [
"Permissions Required"
],
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449224"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-0016
Vulnerability from fkie_nvd - Published: 2019-01-15 21:29 - Updated: 2024-11-21 04:16
Severity
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
References
| Source | URL | Tags |
|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10917 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10917 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 17.1 | |
| juniper | junos_space | 17.2 | |
| juniper | junos_space | 18.1 | |
| juniper | junos_space | 18.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "7B610137-66AC-43D3-BBAE-4390011C20AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "D81E5484-5C0D-44CB-90A8-65EE4E7D4F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "5EDD9296-6FB1-45E2-80EE-9F0F84CAFC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r4:*:*:*:*:*:*",
"matchCriteriaId": "A53A9542-72FD-40E8-94F1-C7C0D776D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DC29AA1D-4CBC-413A-9333-72F3616CE918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "00FCCF10-B612-46FC-94E6-70082F2E1091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "E5F85CA0-36F3-48EE-8D35-A986412C91D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "61813043-BAED-4803-9D5B-7B7E113D2FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "7A3698B1-CC10-40D0-872C-417263C7A949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "B5A79F3A-80B9-4D98-92EE-681ED2E716B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FD833CE8-F37B-4EEB-9DD3-E8A8BB121390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "3E4B00D0-93F9-4145-BA91-6F4A66F19854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.2:-:*:*:*:*:*:*",
"matchCriteriaId": "74CB3FCB-192A-48A7-9FF3-3D228729AC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "B1107BD8-2F96-4788-A478-C0D7B9D22688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "139FA36E-582D-41E9-AC4F-9BD49C844039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2EB54773-A54F-4D9E-B213-464421B4FA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "FC8CBF0A-310F-41EB-B377-F08FE03E3867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "62BB74B8-C90B-4CA1-B8CE-29F8D42D4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "44855E13-5493-4362-B7E8-5A1A6F299FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:17.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "430F2EBF-09EB-4F48-ACF8-8B4EDF83E284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:17.2:r1.4:*:*:*:*:*:*",
"matchCriteriaId": "BE35151C-FCF6-4A89-8283-B24225019241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:18.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "7398A446-3A15-40C5-A76A-042D6FA9221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:18.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D4337421-61DB-4469-868E-E8A04BE01B46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
},
{
"lang": "es",
"value": "Un usuario autenticado malicioso podr\u00eda ser capaz de eliminar un dispositivo de la base de datos de Junos Space sin los privilegios necesarios mediante interacciones Ajax manipuladas obtenidas de otra acci\u00f3n leg\u00edtima eliminada realizada por otro usuario administrativo. Las distribuciones afectadas son: Junos Space en todas sus versiones anteriores a la 18.3R1."
}
],
"id": "CVE-2019-0016",
"lastModified": "2024-11-21T04:16:03.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.463",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10917"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-0017
Vulnerability from fkie_nvd - Published: 2019-01-15 21:29 - Updated: 2024-11-21 04:16
Severity
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (sirt@juniper.net, Secondary)
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
References
| Source | URL | Tags |
|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10917 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10917 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 17.1 | |
| juniper | junos_space | 17.2 | |
| juniper | junos_space | 18.1 | |
| juniper | junos_space | 18.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "7B610137-66AC-43D3-BBAE-4390011C20AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "D81E5484-5C0D-44CB-90A8-65EE4E7D4F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "5EDD9296-6FB1-45E2-80EE-9F0F84CAFC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r4:*:*:*:*:*:*",
"matchCriteriaId": "A53A9542-72FD-40E8-94F1-C7C0D776D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DC29AA1D-4CBC-413A-9333-72F3616CE918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "00FCCF10-B612-46FC-94E6-70082F2E1091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "E5F85CA0-36F3-48EE-8D35-A986412C91D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "61813043-BAED-4803-9D5B-7B7E113D2FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "7A3698B1-CC10-40D0-872C-417263C7A949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "B5A79F3A-80B9-4D98-92EE-681ED2E716B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FD833CE8-F37B-4EEB-9DD3-E8A8BB121390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "3E4B00D0-93F9-4145-BA91-6F4A66F19854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.2:-:*:*:*:*:*:*",
"matchCriteriaId": "74CB3FCB-192A-48A7-9FF3-3D228729AC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "B1107BD8-2F96-4788-A478-C0D7B9D22688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "139FA36E-582D-41E9-AC4F-9BD49C844039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2EB54773-A54F-4D9E-B213-464421B4FA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "FC8CBF0A-310F-41EB-B377-F08FE03E3867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "62BB74B8-C90B-4CA1-B8CE-29F8D42D4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "44855E13-5493-4362-B7E8-5A1A6F299FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:17.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "430F2EBF-09EB-4F48-ACF8-8B4EDF83E284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:17.2:r1.4:*:*:*:*:*:*",
"matchCriteriaId": "BE35151C-FCF6-4A89-8283-B24225019241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:18.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "7398A446-3A15-40C5-A76A-042D6FA9221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:18.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D4337421-61DB-4469-868E-E8A04BE01B46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n de Junos Space, que permite que los archivos Device Image se suban, tiene una comprobaci\u00f3n de validez insuficiente, lo que podr\u00eda permitir la subida de im\u00e1genes o scripts, as\u00ed como otros tipos de contenido. Las distribuciones afectadas son: Junos Space en todas sus versiones anteriores a la 18.3R1."
}
],
"id": "CVE-2019-0017",
"lastModified": "2024-11-21T04:16:03.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-15T21:29:01.493",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10917"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-0047
Vulnerability from fkie_nvd - Published: 2018-10-10 18:29 - Updated: 2024-11-21 03:37
Severity ?
8.0 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
References
| Source | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | http://www.securitytracker.com/id/1041863 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10881 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041863 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10881 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 17.1 | |
| juniper | junos_space | 17.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_space:13.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "3690DD20-F4FF-4388-899E-884D60052199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:13.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "642062E4-FCD1-4C96-9832-8B65D1D327D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:14.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "BA50737C-5924-490D-8A1C-C7913264D458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:14.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "6EB0159B-4D22-40E1-AD55-17D7A8AA4CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:14.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "C157A9EB-482F-4060-9A60-0D149D656665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "CC5AA529-494F-4297-88FE-4C58B8FCA8F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "0C01B9DB-ADFF-4652-8040-572715370BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "DE27435E-F321-4CD6-AB9E-AF2F50057A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "3716BA1C-FFDF-4939-8AE6-68BFB06CDD53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "0F319D4E-938C-44AF-868A-FBFF077D6139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "0FE562A7-779A-4B7C-9A1E-3EF141D798B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:16.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "882C4D7A-293C-4587-84B1-822F63D53D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:16.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "4A98BA3F-35BD-4C8D-80B4-B85C3B32F5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:16.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FE3823E7-6A1D-4645-94C5-01EBB2392B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:17.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3DFF54CC-E24F-42B4-B908-AECD1139146B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:17.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "2E80FD6E-A2E7-4B8C-BFC8-D9B0F32245C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) persistente en el la interfaz del framework empleado por Junos Space Security Director podr\u00eda permitir que usuarios autenticados inyecten scripts persistentes y maliciosos. Esto podr\u00eda permitir el robo de informaci\u00f3n o la realizaci\u00f3n de acciones como otro usuario cuando otros acceden a la interfaz web de Security Director. Este problema afecta a todas las versiones de Juniper Networks Junos Space Security Director en versiones anteriores a la 17.2R2."
}
],
"id": "CVE-2018-0047",
"lastModified": "2024-11-21T03:37:25.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-10T18:29:01.517",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041863"
},
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10881"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-0046
Vulnerability from fkie_nvd - Published: 2018-10-10 18:29 - Updated: 2024-11-21 03:37
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow an attacker to steal sensitive information or session credentials from Junos Space administrators, or to perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.
References
| Source | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/105566 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | http://www.securitytracker.com/id/1041862 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d | Patch, Third Party Advisory | |
| sirt@juniper.net | https://kb.juniper.net/JSA10880 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105566 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041862 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10880 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_space | 18.1r1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_space:18.1r1:*:*:*:*:*:*:*",
"matchCriteriaId": "D82DF30A-C838-49AC-95DC-16D765FD5588",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en OpenNMS incluido con Juniper Networks Junos Space podr\u00eda permitir el robo de informaci\u00f3n sensible o credenciales de sesi\u00f3n de los administradores de Junos Space o realizar acciones administrativas. Este problema afecta a Juniper Networks Junos Space en versiones anteriores a la 18.2R1."
}
],
"id": "CVE-2018-0046",
"lastModified": "2024-11-21T03:37:25.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-10T18:29:00.780",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105566"
},
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041862"
},
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10880"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3413
Vulnerability from fkie_nvd - Published: 2018-04-05 17:29 - Updated: 2024-11-21 02:08
Severity ?
Summary
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1.1:*:*:*:*:*:*",
"matchCriteriaId": "53C917DF-0507-45C8-89FE-29F400C35030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1.2:*:*:*:*:*:*",
"matchCriteriaId": "677B0C4D-923A-4376-85A8-56208E3728A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1.3:*:*:*:*:*:*",
"matchCriteriaId": "BDEF52F5-ABE3-453C-9A5C-7FD5CCC18F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1.4:*:*:*:*:*:*",
"matchCriteriaId": "1B7BBF07-791C-43FE-AC38-EB68493092BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1.5:*:*:*:*:*:*",
"matchCriteriaId": "D5B55D33-A294-4DE2-887D-6A7E29F7EEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1.6:*:*:*:*:*:*",
"matchCriteriaId": "8DA50B20-F26E-4FB7-A46A-74836CF546A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1.7:*:*:*:*:*:*",
"matchCriteriaId": "2BA008EC-659A-43CC-9741-E765958BD824",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access."
},
{
"lang": "es",
"value": "El servidor MySQL en Juniper Networks Junos Space, en versiones anteriores a la 13.3R1.8, tiene una cuenta sin especificar con una contrase\u00f1a embebida. Esto permite que atacantes remotos obtengan informaci\u00f3n sensible y, consecuentemente, obtengan control administrativo aprovechando el acceso a la base de datos."
}
],
"id": "CVE-2014-3413",
"lastModified": "2024-11-21T02:08:02.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-05T17:29:00.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2014-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2014-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-0010
Vulnerability from fkie_nvd - Published: 2018-01-10 22:29 - Updated: 2024-11-21 03:37
Severity ?
Summary
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.
References
| Source | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA10840 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10840 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 17.1 | |
| juniper | junos_space | 17.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_space:13.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "3690DD20-F4FF-4388-899E-884D60052199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:13.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "642062E4-FCD1-4C96-9832-8B65D1D327D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:14.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "BA50737C-5924-490D-8A1C-C7913264D458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:14.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "6EB0159B-4D22-40E1-AD55-17D7A8AA4CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:14.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "C157A9EB-482F-4060-9A60-0D149D656665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "CC5AA529-494F-4297-88FE-4C58B8FCA8F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "0C01B9DB-ADFF-4652-8040-572715370BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "DE27435E-F321-4CD6-AB9E-AF2F50057A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "3716BA1C-FFDF-4939-8AE6-68BFB06CDD53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "0F319D4E-938C-44AF-868A-FBFF077D6139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:15.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "0FE562A7-779A-4B7C-9A1E-3EF141D798B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:16.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "882C4D7A-293C-4587-84B1-822F63D53D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:16.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "4A98BA3F-35BD-4C8D-80B4-B85C3B32F5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:16.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FE3823E7-6A1D-4645-94C5-01EBB2392B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:17.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3DFF54CC-E24F-42B4-B908-AECD1139146B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_space:17.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "2E80FD6E-A2E7-4B8C-BFC8-D9B0F32245C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Juniper Networks Junos Space Security Director permite a un usuario que no tiene acceso SSH a un dispositivo reutilizar la URL que se hab\u00eda creado para otro usuario para s\u00ed tener acceso SSH. Las distribuciones afectadas son todas las versiones de Junos Space Security Director anteriores a la 17.2R1."
}
],
"id": "CVE-2018-0010",
"lastModified": "2024-11-21T03:37:21.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T22:29:01.290",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10840"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-0013
Vulnerability from fkie_nvd - Published: 2018-01-10 22:29 - Updated: 2024-11-21 03:37
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system.
References
| Source | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | http://www.securitytracker.com/id/1040189 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10838 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040189 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10838 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_space | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_space:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0358C7-B11D-434A-9156-9F4D6ECC433F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inclusi\u00f3n de archivos locales en Juniper Networks Junos Space Network Management Platform podr\u00eda permitir que un usuario autenticado recupere archivos del sistema."
}
],
"id": "CVE-2018-0013",
"lastModified": "2024-11-21T03:37:21.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T22:29:01.417",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040189"
},
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10838"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-0011
Vulnerability from fkie_nvd - Published: 2018-01-10 22:29 - Updated: 2024-11-21 03:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A reflected cross-site scripting (XSS) vulnerability in Junos Space may allow a remote authenticated user to inject web script or HTML, steal sensitive data and credentials from a session, and perform administrative actions on the Junos Space network management device.
References
| Source | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | http://www.securitytracker.com/id/1040189 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10838 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040189 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10838 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 13.3 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 14.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.1 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 15.2 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 16.1 | |
| juniper | junos_space | 17.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "7B610137-66AC-43D3-BBAE-4390011C20AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "D81E5484-5C0D-44CB-90A8-65EE4E7D4F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:13.3:r4:*:*:*:*:*:*",
"matchCriteriaId": "A53A9542-72FD-40E8-94F1-C7C0D776D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "00FCCF10-B612-46FC-94E6-70082F2E1091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "E5F85CA0-36F3-48EE-8D35-A986412C91D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:14.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "61813043-BAED-4803-9D5B-7B7E113D2FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "7A3698B1-CC10-40D0-872C-417263C7A949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "B5A79F3A-80B9-4D98-92EE-681ED2E716B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FD833CE8-F37B-4EEB-9DD3-E8A8BB121390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "B1107BD8-2F96-4788-A478-C0D7B9D22688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:15.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "139FA36E-582D-41E9-AC4F-9BD49C844039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "FC8CBF0A-310F-41EB-B377-F08FE03E3867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "62BB74B8-C90B-4CA1-B8CE-29F8D42D4B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:16.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "44855E13-5493-4362-B7E8-5A1A6F299FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:junos_space:17.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "430F2EBF-09EB-4F48-ACF8-8B4EDF83E284",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) reflejado en Junos Space podr\u00eda permitir que un usuario autenticado remoto inyecte script web o HTML, robe datos sensibles y credenciales de una sesi\u00f3n y realice acciones administrativas en el dispositivo de gesti\u00f3n de redes de Junos Space."
}
],
"id": "CVE-2018-0011",
"lastModified": "2024-11-21T03:37:21.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T22:29:01.320",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040189"
},
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10838"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-0012
Vulnerability from fkie_nvd - Published: 2018-01-10 22:29 - Updated: 2024-11-21 03:37
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securitytracker.com/id/1040189 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10838 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040189 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10838 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_space | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_space:*:*:*:*:*:*:*:*",
"matchCriteriaId": "600DCE5E-D5EC-49D9-969C-DC48F0110AF1",
"versionEndIncluding": "17.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."
},
{
"lang": "es",
"value": "Junos Space se ve afectado por una vulnerabilidad de escalado de privilegios que podr\u00eda permitir que un atacante local autenticado obtenga privilegios root."
}
],
"id": "CVE-2018-0012",
"lastModified": "2024-11-21T03:37:21.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T22:29:01.367",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040189"
},
{
"source": "sirt@juniper.net",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10838"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-0220 (GCVE-0-2021-0220)
Vulnerability from cvelistv5 – Published: 2021-01-15 17:36 – Updated: 2024-09-16 22:20
Summary
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.
Severity ?
6.8 (Medium)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11110 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: unspecified , < 20.3R1 (custom) |
Credits
Juniper SIRT would like to acknowledge and thank Bruno Colella Garofalo for responsibly reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juniper SIRT would like to acknowledge and thank Bruno Colella Garofalo for responsibly reporting this vulnerability."
}
],
"datePublic": "2021-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T17:36:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11110"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve these specific issues: Junos Space 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11110",
"defect": [
"1519331"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
"ID": "CVE-2021-0220",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank Bruno Colella Garofalo for responsibly reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-257 Storing Passwords in a Recoverable Format"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11110",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11110"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve these specific issues: Junos Space 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11110",
"defect": [
"1519331"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0220",
"datePublished": "2021-01-15T17:36:01.350002Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T22:20:15.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1611 (GCVE-0-2020-1611)
Vulnerability from cvelistv5 – Published: 2020-01-15 08:40 – Updated: 2024-09-16 16:32
Summary
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1.
Severity ?
6.5 (Medium)
CWE
- Local file inclusion
Assigner
References
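| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10993 | x_refsource_MISC |
| https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224 | x_refsource_MISC |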
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: unspecified , < 19.4R1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:39:10.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10993"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local file inclusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T08:40:38",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA10993"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449224"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10993",
"defect": [
"1449224"
],
"discovery": "INTERNAL"
},
"title": "Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device.",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1611",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local file inclusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10993",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA10993"
},
{
"name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449224",
"refsource": "MISC",
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449224"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10993",
"defect": [
"1449224"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1611",
"datePublished": "2020-01-15T08:40:38.352672Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-16T16:32:34.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0016 (GCVE-0-2019-0016)
Vulnerability from cvelistv5 – Published: 2019-01-15 21:00 – Updated: 2024-09-16 22:20
Summary
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
Severity ?
6.5 (Medium)
CWE
- Improper Access Control
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10917 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: unspecified , < 18.3R1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10917"
}
],
"source": {
"advisory": "JSA10917",
"defect": [
"1351713"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: Authenticated user able to delete devices without delete device privileges",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device\u0027s management interface only from trusted hosts and administrators."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0016",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Authenticated user able to delete devices without delete device privileges"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "18.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10917",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10917"
}
]
},
"source": {
"advisory": "JSA10917",
"defect": [
"1351713"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device\u0027s management interface only from trusted hosts and administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0016",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T22:20:18.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0017 (GCVE-0-2019-0017)
Vulnerability from cvelistv5 – Published: 2019-01-15 21:00 – Updated: 2024-09-16 23:51
Summary
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
Severity ?
6.5 (Medium)
CWE
- Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10917 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: unspecified , < 18.3R1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10917"
}
],
"source": {
"advisory": "JSA10917",
"defect": [
"1355724"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: Unrestricted file upload vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device\u0027s management interface only from trusted hosts and administrators."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0017",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Unrestricted file upload vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "18.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10917",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10917"
}
]
},
"source": {
"advisory": "JSA10917",
"defect": [
"1355724"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device\u0027s management interface only from trusted hosts and administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0017",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T23:51:28.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0047 (GCVE-0-2018-0047)
Vulnerability from cvelistv5 – Published: 2018-10-10 18:00 – Updated: 2024-09-16 17:38
Summary
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
Severity ?
8.0 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
- Persistent Cross-Site Scripting Vulnerability
Assigner
References
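| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1041863 | vdb-entry, x_refsource_SECTRACK, x_transferred |
| https://kb.juniper.net/JSA10881 | x_refsource_CONFIRM, x_transferred |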
Impacted products
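| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space Security Director | Affected: unspecified , ≤ 17.2R2 (custom) |

Note: the summary for this entry says "prior to 17.2R2", while the record's affected-version field is `lessThanOrEqual` 17.2R2; check the vendor advisory (https://kb.juniper.net/JSA10881) to confirm whether 17.2R2 itself is affected before treating it as fixed.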
Credits
Marcel Bilal of IT-Dienstleistungszentrum Berlin
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041863",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space Security Director",
"vendor": "Juniper Networks",
"versions": [
{
"lessThanOrEqual": "17.2R2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Persistent Cross-Site Scripting Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"name": "1041863",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10881"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space Security Director 17.2R2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10881",
"defect": [
"1337620"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space Security Director: XSS vulnerability in web administration",
"workarounds": [
{
"lang": "en",
"value": "Restrict access to the Junos Space Security Director dashboard to trusted users."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0047",
"STATE": "PUBLIC",
"TITLE": "Junos Space Security Director: XSS vulnerability in web administration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space Security Director",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "17.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Persistent Cross-Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041863",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041863"
},
{
"name": "https://kb.juniper.net/JSA10881",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10881"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space Security Director 17.2R2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10881",
"defect": [
"1337620"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Restrict access to the Junos Space Security Director dashboard to trusted users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2018-0047",
"datePublished": "2018-10-10T18:00:00Z",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-09-16T17:38:13.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0046 (GCVE-0-2018-0046)
Vulnerability from cvelistv5 – Published: 2018-10-10 18:00 – Updated: 2024-09-17 03:13
Summary
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.
Severity ?
8.8 (High)
CWE
- Reflected cross-site scripting vulnerability
Assigner
References
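| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105566 | vdb-entry, x_refsource_BID |
| https://kb.juniper.net/JSA10880 | x_refsource_CONFIRM |
| https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041862 | vdb-entry, x_refsource_SECTRACK |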
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: unspecified, < 18.2R1 (custom) |
Credits
Marcel Bilal of IT-Dienstleistungszentrum Berlin
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105566"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10880"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"name": "1041862",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.2R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"name": "105566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105566"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10880"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"name": "1041862",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041862"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10880",
"defect": [
"1337619"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0046",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "18.2R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105566"
},
{
"name": "https://kb.juniper.net/JSA10880",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10880"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d",
"refsource": "CONFIRM",
"url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"name": "1041862",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041862"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10880",
"defect": [
"1337619"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2018-0046",
"datePublished": "2018-10-10T18:00:00Z",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-09-17T03:13:58.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3413 (GCVE-0-2014-3413)
Vulnerability from cvelistv5 – Published: 2018-04-05 17:00 – Updated: 2024-08-06 10:43
Summary
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
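| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2014-01 | x_refsource_MISC |
| https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627 | x_refsource_CONFIRM |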
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2014-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-05T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2014-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2014-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2014-01"
},
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3413",
"datePublished": "2018-04-05T17:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0012 (GCVE-0-2018-0012)
Vulnerability from cvelistv5 – Published: 2018-01-10 22:00 – Updated: 2024-09-16 19:56
Summary
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.
Severity ?
7.8 (High)
CWE
- Privilege escalation
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10838 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040189 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: All, < 17.2R1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:15.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10838"
},
{
"name": "1040189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.2R1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-16T10:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10838"
},
{
"name": "1040189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040189"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10838",
"defect": [
"1296620"
],
"discovery": "INTERNAL"
},
"title": "Junos Space: Local privilege escalation vulnerability in Junos Space",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-01-10T17:00:00.000Z",
"ID": "CVE-2018-0012",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Local privilege escalation vulnerability in Junos Space"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "17.2R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10838",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10838"
},
{
"name": "1040189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040189"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10838",
"defect": [
"1296620"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2018-0012",
"datePublished": "2018-01-10T22:00:00Z",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-09-16T19:56:44.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0010 (GCVE-0-2018-0010)
Vulnerability from cvelistv5 – Published: 2018-01-10 22:00 – Updated: 2024-08-05 03:14
Summary
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10840 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T21:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2018-0010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10840",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2018-0010",
"datePublished": "2018-01-10T22:00:00",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-08-05T03:14:16.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0013 (GCVE-0-2018-0013)
Vulnerability from cvelistv5 – Published: 2018-01-10 22:00 – Updated: 2024-09-16 17:58
Summary
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system.
Severity ?
6.5 (Medium)
CWE
- Local File Inclusion
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10838 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040189 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: all, < 17.2R1 (custom) |
Credits
the team at cyberhouse.ge for responsibly reporting CVE-2018-0013.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10838"
},
{
"name": "1040189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.2R1",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "the team at cyberhouse.ge for responsibly reporting CVE-2018-0013."
}
],
"datePublic": "2018-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local File Inclusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-16T10:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10838"
},
{
"name": "1040189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040189"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10838",
"defect": [
"1304289"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: Local File Inclusion Vulnerability",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-01-10T17:00:00.000Z",
"ID": "CVE-2018-0013",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Local File Inclusion Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "all",
"version_value": "17.2R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "the team at cyberhouse.ge for responsibly reporting CVE-2018-0013."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local File Inclusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10838",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10838"
},
{
"name": "1040189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040189"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10838",
"defect": [
"1304289"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2018-0013",
"datePublished": "2018-01-10T22:00:00Z",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-09-16T17:58:10.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0220 (GCVE-0-2021-0220)
Vulnerability from nvd – Published: 2021-01-15 17:36 – Updated: 2024-09-16 22:20
Summary
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.
Severity ?
6.8 (Medium)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11110 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: unspecified, < 20.3R1 (custom) |
Credits
Juniper SIRT would like to acknowledge and thank Bruno Colella Garofalo for responsibly reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juniper SIRT would like to acknowledge and thank Bruno Colella Garofalo for responsibly reporting this vulnerability."
}
],
"datePublic": "2021-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T17:36:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11110"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve these specific issues: Junos Space 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11110",
"defect": [
"1519331"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
"ID": "CVE-2021-0220",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank Bruno Colella Garofalo for responsibly reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-257 Storing Passwords in a Recoverable Format"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11110",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11110"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve these specific issues: Junos Space 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11110",
"defect": [
"1519331"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0220",
"datePublished": "2021-01-15T17:36:01.350002Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T22:20:15.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1611 (GCVE-0-2020-1611)
Vulnerability from nvd – Published: 2020-01-15 08:40 – Updated: 2024-09-16 16:32
Summary
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1.
Severity ?
6.5 (Medium)
CWE
- Local file inclusion
Assigner
References
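| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10993 | x_refsource_MISC |
| https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224 | x_refsource_MISC |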
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: unspecified, < 19.4R1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:39:10.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10993"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local file inclusion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T08:40:38",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA10993"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449224"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10993",
"defect": [
"1449224"
],
"discovery": "INTERNAL"
},
"title": "Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device.",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1611",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local file inclusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10993",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA10993"
},
{
"name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449224",
"refsource": "MISC",
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449224"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10993",
"defect": [
"1449224"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1611",
"datePublished": "2020-01-15T08:40:38.352672Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-16T16:32:34.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0016 (GCVE-0-2019-0016)
Vulnerability from nvd – Published: 2019-01-15 21:00 – Updated: 2024-09-16 22:20
Summary
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
Severity ?
6.5 (Medium)
CWE
- Improper Access Control
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10917 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: unspecified, < 18.3R1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10917"
}
],
"source": {
"advisory": "JSA10917",
"defect": [
"1351713"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: Authenticated user able to delete devices without delete device privileges",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device\u0027s management interface only from trusted hosts and administrators."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0016",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Authenticated user able to delete devices without delete device privileges"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "18.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10917",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10917"
}
]
},
"source": {
"advisory": "JSA10917",
"defect": [
"1351713"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device\u0027s management interface only from trusted hosts and administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0016",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T22:20:18.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0017 (GCVE-0-2019-0017)
Vulnerability from nvd – Published: 2019-01-15 21:00 – Updated: 2024-09-16 23:51
Summary
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
Severity ?
6.5 (Medium)
CWE
- Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10917 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: unspecified, < 18.3R1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-15T20:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10917"
}
],
"source": {
"advisory": "JSA10917",
"defect": [
"1355724"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: Unrestricted file upload vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device\u0027s management interface only from trusted hosts and administrators."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-01-09T17:00:00.000Z",
"ID": "CVE-2019-0017",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Unrestricted file upload vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "18.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10917",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10917"
}
]
},
"source": {
"advisory": "JSA10917",
"defect": [
"1355724"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device\u0027s management interface only from trusted hosts and administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0017",
"datePublished": "2019-01-15T21:00:00Z",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-09-16T23:51:28.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0047 (GCVE-0-2018-0047)
Vulnerability from nvd – Published: 2018-10-10 18:00 – Updated: 2024-09-16 17:38
Summary
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
Severity ?
8.0 (High)
CWE
- Persistent Cross-Site Scripting Vulnerability
Assigner
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1041863 | vdb-entry, x_refsource_SECTRACK |
| https://kb.juniper.net/JSA10881 | x_refsource_CONFIRM |
Impacted products
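| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space Security Director | Affected: unspecified, ≤ 17.2R2 (custom) |

Note: the version range above (≤ 17.2R2) includes 17.2R2 itself, while the record's description says versions prior to 17.2R2 are affected and its solution text says 17.2R2 resolves the issue. Confirm the fixed release against vendor advisory JSA10881 before relying on either boundary.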
Credits
Marcel Bilal of IT-Dienstleistungszentrum Berlin
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041863",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space Security Director",
"vendor": "Juniper Networks",
"versions": [
{
"lessThanOrEqual": "17.2R2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Persistent Cross-Site Scripting Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"name": "1041863",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10881"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space Security Director 17.2R2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10881",
"defect": [
"1337620"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space Security Director: XSS vulnerability in web administration",
"workarounds": [
{
"lang": "en",
"value": "Restrict access to the Junos Space Security Director dashboard to trusted users."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0047",
"STATE": "PUBLIC",
"TITLE": "Junos Space Security Director: XSS vulnerability in web administration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space Security Director",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "17.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Persistent Cross-Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041863",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041863"
},
{
"name": "https://kb.juniper.net/JSA10881",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10881"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space Security Director 17.2R2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10881",
"defect": [
"1337620"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Restrict access to the Junos Space Security Director dashboard to trusted users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2018-0047",
"datePublished": "2018-10-10T18:00:00Z",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-09-16T17:38:13.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0046 (GCVE-0-2018-0046)
Vulnerability from nvd – Published: 2018-10-10 18:00 – Updated: 2024-09-17 03:13
Summary
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow an attacker to steal sensitive information or session credentials from Junos Space administrators, or to perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.
Severity ?
8.8 (High)
CWE
- Reflected cross-site scripting vulnerability
Assigner
References
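| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105566 | vdb-entry, x_refsource_BID |
| https://kb.juniper.net/JSA10880 | x_refsource_CONFIRM |
| https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041862 | vdb-entry, x_refsource_SECTRACK |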
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: unspecified, < 18.2R1 (custom) |
Credits
Marcel Bilal of IT-Dienstleistungszentrum Berlin
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105566"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10880"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"name": "1041862",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.2R1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
}
],
"datePublic": "2018-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"name": "105566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105566"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10880"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"name": "1041862",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041862"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10880",
"defect": [
"1337619"
],
"discovery": "EXTERNAL"
},
"title": "Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0046",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "18.2R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105566"
},
{
"name": "https://kb.juniper.net/JSA10880",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10880"
},
{
"name": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d",
"refsource": "CONFIRM",
"url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"name": "1041862",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041862"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10880",
"defect": [
"1337619"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2018-0046",
"datePublished": "2018-10-10T18:00:00Z",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-09-17T03:13:58.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3413 (GCVE-0-2014-3413)
Vulnerability from nvd – Published: 2018-04-05 17:00 – Updated: 2024-08-06 10:43
Summary
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
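| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2014-01 | x_refsource_MISC |
| https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627 | x_refsource_CONFIRM |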
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2014-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-05T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2014-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2014-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2014-01"
},
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3413",
"datePublished": "2018-04-05T17:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0012 (GCVE-0-2018-0012)
Vulnerability from nvd – Published: 2018-01-10 22:00 – Updated: 2024-09-16 19:56
Summary
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.
Severity ?
7.8 (High)
CWE
- Privilege escalation
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10838 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040189 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Juniper Networks | Junos Space | Affected: All, < 17.2R1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:15.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10838"
},
{
"name": "1040189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.2R1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-16T10:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10838"
},
{
"name": "1040189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040189"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10838",
"defect": [
"1296620"
],
"discovery": "INTERNAL"
},
"title": "Junos Space: Local privilege escalation vulnerability in Junos Space",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-01-10T17:00:00.000Z",
"ID": "CVE-2018-0012",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Local privilege escalation vulnerability in Junos Space"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "17.2R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10838",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10838"
},
{
"name": "1040189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040189"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA10838",
"defect": [
"1296620"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2018-0012",
"datePublished": "2018-01-10T22:00:00Z",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-09-16T19:56:44.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0010 (GCVE-0-2018-0010)
Vulnerability from nvd – Published: 2018-01-10 22:00 – Updated: 2024-08-05 03:14
Summary
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10840 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T21:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2018-0010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10840",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2018-0010",
"datePublished": "2018-01-10T22:00:00",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-08-05T03:14:16.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}