CVE-2019-0017

Published: Jan 15, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

Affected (23)

Products: Juniper: Junos Space

Juniper

1 product

Junos Space

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos Space	Version 13.3 r1
Juniper Junos Space	Version 13.3 r2
Juniper Junos Space	Version 13.3 r3
Juniper Junos Space	Version 13.3 r4
Juniper Junos Space	Version 14.1
Juniper Junos Space	Version 14.1 r1
Juniper Junos Space	Version 14.1 r2
Juniper Junos Space	Version 14.1 r3
Juniper Junos Space	Version 15.1 r1
Juniper Junos Space	Version 15.1 r2
Juniper Junos Space	Version 15.1 r3
Juniper Junos Space	Version 15.1 r4
Juniper Junos Space	Version 15.2
Juniper Junos Space	Version 15.2 r1
Juniper Junos Space	Version 15.2 r2
Juniper Junos Space	Version 16.1
Juniper Junos Space	Version 16.1 r1
Juniper Junos Space	Version 16.1 r2
Juniper Junos Space	Version 16.1 r3
Juniper Junos Space	Version 17.1 r1
Juniper Junos Space	Version 17.2 r1.4
Juniper Junos Space	Version 18.1 r1
Juniper Junos Space	Version 18.2 r1

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://kb.juniper.net/JSA10917

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA10917

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.