CVE-2019-0016

Published: Jan 15, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

Affected (23)

Products: Juniper: Junos Space

Juniper

1 product

Junos Space

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos Space	Version 13.3 r1
Juniper Junos Space	Version 13.3 r2
Juniper Junos Space	Version 13.3 r3
Juniper Junos Space	Version 13.3 r4
Juniper Junos Space	Version 14.1
Juniper Junos Space	Version 14.1 r1
Juniper Junos Space	Version 14.1 r2
Juniper Junos Space	Version 14.1 r3
Juniper Junos Space	Version 15.1 r1
Juniper Junos Space	Version 15.1 r2
Juniper Junos Space	Version 15.1 r3
Juniper Junos Space	Version 15.1 r4
Juniper Junos Space	Version 15.2
Juniper Junos Space	Version 15.2 r1
Juniper Junos Space	Version 15.2 r2
Juniper Junos Space	Version 16.1
Juniper Junos Space	Version 16.1 r1
Juniper Junos Space	Version 16.1 r2
Juniper Junos Space	Version 16.1 r3
Juniper Junos Space	Version 17.1 r1
Juniper Junos Space	Version 17.2 r1.4
Juniper Junos Space	Version 18.1 r1
Juniper Junos Space	Version 18.2 r1

References (2)

https://kb.juniper.net/JSA10917

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA10917

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.