Juniper Junos Space < 15.1R3 Multiple Vulnerabilities (JSA10727)

critical Nessus Plugin ID 91890

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R3. It is, therefore, affected by multiple unspecified vulnerabilities, including cross-site request forgery (XSRF), default authentication credentials, information disclosure, and command injection. An unauthenticated, remote attacker can exploit these to execute arbitrary code or gain access to devices managed by Junos Space.

Solution

Upgrade to Junos Space version 15.1R3 or later.

See Also

http://www.nessus.org/u?a84b985b

Plugin Details

Severity: Critical

ID: 91890

File Name: juniper_space_15_1R3.nasl

Version: 1.3

Type: local

Published: 6/29/2016

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Required KB Items: Host/Junos_Space/version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2016

Vulnerability Publication Date: 4/13/2016

Reference Information

CVE: CVE-2016-1265

JSA: JSA10727