https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627

https://www.tenable.com/security/research/tra-2014-01

According to its self-reported version number, the remote Junos Space version is prior to 13.3R1.8. It is, therefore, affected by multiple vulnerabilities in bundled third party software components :

  - Multiple vulnerabilities in RedHat JBoss application     server. (CVE-2010-0738, CVE-2010-1428, CVE-2010-1429,     CVE-2011-5245, CVE-2012-0818)

  - Multiple vulnerabilities in Oracle Java SE JDK.
    (CVE-2012-3143, CVE-2013-1537, CVE-2013-1557,     CVE-2013-2422)

  - Multiple vulnerabilities in Oracle MySQL server.
    (CVE-2013-1502, CVE-2013-1511, CVE-2013-1532,     CVE-2013-1544, CVE-2013-2375, CVE-2013-2376,     CVE-2013-2389, CVE-2013-2391, CVE-2013-2392,     CVE-2013-3783, CVE-2013-3793, CVE-2013-3794,     CVE-2013-3801, CVE-2013-3802, CVE-2013-3804,     CVE-2013-3805, CVE-2013-3808, CVE-2013-3809,     CVE-2013-3812, CVE-2013-3839)

  - Multiple vulnerabilities in Apache HTTP Server.
    (CVE-2013-1862, CVE-2013-1896)

  - Known hard-coded MySQL credentials. (CVE-2014-3413)

The MySQL database server listening on the remote host has one or more known credentials.

Note that this plugin checks generically for a variety of known account credentials. A finding involving, say, the 'scrutinizer' account does not necessarily mean that an associated Scrutinizer product is installed, only that Nessus was able to authenticate to the MySQL server using the reported credentials.

ID	Name	Product	Family	Severity
80195	Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627)	Nessus	Junos Local Security Checks	critical
61696	MySQL Default Account Credentials	Nessus	Databases	critical

CVE-2014-3413

HIGH

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical