var-201703-0038
Vulnerability from variot
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network-based users with access to the Junos Space web interface to perform certain administrative tasks without authentication. This is the issue this record tracks as CVE-2016-4926 (CWE-287, vendor advisory JSA10760); the remaining text is aggregated from the other listed sources and describes a wider set of Junos Space issues. Juniper Junos Space is prone to the following security issues:
1. Cross-site scripting vulnerability
2. Cross-site request-forgery vulnerability
3. Authentication-bypass vulnerability
4. An XML external entity injection vulnerability
5. A command-injection vulnerability
6. A security-bypass vulnerability
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, perform certain administrative actions, gain unauthorized access, bypass certain security restrictions or cause denial-of-service conditions. Junos Space is a set of network management solutions from Juniper Networks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. A remote attacker could exploit this vulnerability to perform unauthorized operations.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0038", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "junos space", "scope": "lte", "trust": 1.0, "vendor": "juniper", "version": "15.2" }, { "model": "junos space", "scope": "eq", "trust": 0.9, "vendor": "juniper", "version": "15.2" }, { "model": "junos space", "scope": "lt", "trust": 0.8, "vendor": "juniper", 
"version": "15.2r2" }, { "model": "junos space 15.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos space 15.2r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null } ], "sources": [ { "db": "BID", "id": "93540" }, { "db": "JVNDB", "id": "JVNDB-2016-008028" }, { "db": "NVD", "id": "CVE-2016-4926" }, { "db": "CNNVD", "id": "CNNVD-201610-461" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:juniper:junos_space:*:r1:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-4926" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported the issue.", "sources": [ { "db": "BID", "id": "93540" } ], "trust": 0.3 }, "cve": "CVE-2016-4926", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": 
"LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-4926", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-93745", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", 
"confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-4926", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-4926", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201610-461", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-93745", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-93745" }, { "db": "JVNDB", "id": "JVNDB-2016-008028" }, { "db": "NVD", "id": "CVE-2016-4926" }, { "db": "CNNVD", "id": "CNNVD-201610-461" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. Juniper Junos Space is prone to the following multiple security issues:\n1. Cross-site scripting vulnerability\n2. Cross-site request-forgery vulnerability\n3. Authentication-bypass vulnerability\n4. An XML external entity injection vulnerability\n5. A command-injection vulnerability\n6. A security-bypass vulnerability\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, perform certain administrative actions, gain unauthorized access, bypass certain security restrictions or cause denial-of-service conditions. Juniper Networks Junos Space is a set of network management solutions of Juniper Networks (Juniper Networks). 
The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. A remote attacker could exploit this vulnerability to perform unauthorized operations", "sources": [ { "db": "NVD", "id": "CVE-2016-4926" }, { "db": "JVNDB", "id": "JVNDB-2016-008028" }, { "db": "BID", "id": "93540" }, { "db": "VULHUB", "id": "VHN-93745" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-4926", "trust": 2.8 }, { "db": "BID", "id": "93540", "trust": 2.0 }, { "db": "JUNIPER", "id": "JSA10760", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2016-008028", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201610-461", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-93745", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-93745" }, { "db": "BID", "id": "93540" }, { "db": "JVNDB", "id": "JVNDB-2016-008028" }, { "db": "NVD", "id": "CVE-2016-4926" }, { "db": "CNNVD", "id": "CNNVD-201610-461" } ] }, "id": "VAR-201703-0038", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-93745" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:51:23.385000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "JSA10760", "trust": 0.8, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10760" }, { "title": "Juniper Junos Space Fixes for authentication bypassing vulnerabilities", "trust": 0.6, "url": 
"http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64832" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008028" }, { "db": "CNNVD", "id": "CNNVD-201610-461" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-93745" }, { "db": "JVNDB", "id": "JVNDB-2016-008028" }, { "db": "NVD", "id": "CVE-2016-4926" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/93540" }, { "trust": 1.6, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10760" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4926" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4926" }, { "trust": 0.3, "url": "http://www.juniper.net/" }, { "trust": 0.3, "url": "http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/" }, { "trust": 0.3, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10760\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.1, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10760" } ], "sources": [ { "db": "VULHUB", "id": "VHN-93745" }, { "db": "BID", "id": "93540" }, { "db": "JVNDB", "id": "JVNDB-2016-008028" }, { "db": "NVD", "id": "CVE-2016-4926" }, { "db": "CNNVD", "id": "CNNVD-201610-461" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-93745" }, { "db": "BID", "id": "93540" }, { "db": "JVNDB", "id": "JVNDB-2016-008028" }, { "db": 
"NVD", "id": "CVE-2016-4926" }, { "db": "CNNVD", "id": "CNNVD-201610-461" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-03-20T00:00:00", "db": "VULHUB", "id": "VHN-93745" }, { "date": "2016-10-12T00:00:00", "db": "BID", "id": "93540" }, { "date": "2017-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008028" }, { "date": "2017-03-20T20:59:00.157000", "db": "NVD", "id": "CVE-2016-4926" }, { "date": "2016-10-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-461" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-03-22T00:00:00", "db": "VULHUB", "id": "VHN-93745" }, { "date": "2016-10-26T02:07:00", "db": "BID", "id": "93540" }, { "date": "2017-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008028" }, { "date": "2017-03-22T19:24:05.400000", "db": "NVD", "id": "CVE-2016-4926" }, { "date": "2017-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-461" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201610-461" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Junos Space Vulnerabilities that allow certain management tasks to be performed without authentication", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008028" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ 
{ "db": "CNNVD", "id": "CNNVD-201610-461" } ], "trust": 0.6 } }