Juniper Junos Space < 15.1R3 Multiple Vulnerabilities (JSA10727)

critical Nessus Plugin ID 91890

Language:

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R3. It is, therefore, affected by multiple unspecified vulnerabilities, including cross-site request forgery (XSRF), default authentication credentials, information disclosure, and command injection. An unauthenticated, remote attacker can exploit these to execute arbitrary code or gain access to devices managed by Junos Space.

Solution

Upgrade to Junos Space version 15.1R3 or later.

Plugin Details

Severity: Critical

ID: 91890

File Name: juniper_space_15_1R3.nasl

Version: 1.3

Type: local

Family: Junos Local Security Checks

Published: 6/29/2016

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Required KB Items: Host/Junos_Space/version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2016

Vulnerability Publication Date: 4/13/2016

Reference Information

CVE: CVE-2016-1265

JSA: JSA10727

Detections

Analytics