Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by multiple vulnerabilities.

Description :

According to its self-reported version number, the remote Junos Space
version is prior to 14.1R1. It is, therefore, affected by multiple
vulnerabilities in bundled third party software components :

- Multiple vulnerabilities in the bundled OpenSSL CentOS
package. (CVE-2011-4109, CVE-2011-4576, CVE-2011-4619,
CVE-2012-0884, CVE-2012-2110, CVE-2012-2333,
CVE-2013-0166, CVE-2013-0169, CVE-2014-0224)

- Multiple vulnerabilities in Oracle MySQL.
(CVE-2013-5908)

- Multiple vulnerabilities in the Oracle Java runtime.
(CVE-2014-0411, CVE-2014-0423, CVE-2014-4244,
CVE-2014-0453, CVE-2014-0460, CVE-2014-4263,
CVE-2014-4264)

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10659

Solution :

Upgrade to Junos Space 14.1R1 or later. Alternatively, apply the
workaround referenced in the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true