Juniper Junos Space < 13.3R1.8 Arbitrary Command Execution (JSA10626)

critical Nessus Plugin ID 80194

Synopsis

The remote device is affected by a remote command execution vulnerability.

Description

According to its self-reported version number, the remote Junos Space version is prior to 13.3R1.8. It is, therefore, affected by a remote command execution vulnerability that exists when the firewall is disabled. This could allow a remote attacker to execute arbitrary commands with root privileges.

Note that the firewall is enabled by default on Junos Space.

Solution

Upgrade to Junos Space 13.3R1.8 or later.

See Also

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626

Plugin Details

Severity: Critical

ID: 80194

File Name: juniper_space_jsa10626.nasl

Version: 1.10

Type: local

Published: 12/22/2014

Updated: 11/27/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Required KB Items: Host/local_checks_enabled, Host/Junos_Space/version, Host/Junos_Space/release

Patch Publication Date: 5/14/2014

Vulnerability Publication Date: 5/14/2014

Reference Information

CVE: CVE-2014-3412

BID: 67454