Detections
Analytics

Juniper Junos Space < 18.2R1 Multiple Vulnerabilities (JSA10880)

high Nessus Plugin ID 126510

Language:

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Junos Space running on the remote device is < 18.2R1, and is therefore affected by multiple vulnerabilities:

 - Due to untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4, unauthenticated, remote attacker can execute execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. (CVE-2016-10009)
- In OpenSSH before 7.4, an authenticated local attacker can escalate privileges via unspecified vectors, related to serverloop.c. (CVE-2016-10010)
- authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents. an authenticated local attacker can obtain sensitive private-key information by leveraging access to a privilege-separated child process. (CVE-2016-10011)
- In sshd in OpenSSH before 7.4, a local attacker can gain privileges by leveraging access to a sandboxed privilege-separation process due to a bounds check that's enforced by all by the shared memory manager. (CVE-2016-10012)
- The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows local attackers to create zero-length files. (CVE-2017-15906)
- A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. (CVE-2018-0046)

Solution

Upgrade to Junos Space version 18.2R1 or later.

See Also

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10880

Plugin Details

Severity: High

ID: 126510

File Name: juniper_space_jsa10880.nasl

Version: 1.3

Type: local

Published: 7/5/2019

Updated: 5/19/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-10009

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2016-10012

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Required KB Items: Host/Junos_Space/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/10/2018

Vulnerability Publication Date: 10/10/2018

Reference Information

CVE: CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2017-15906, CVE-2018-0046

BID: 94968, 94972, 94975, 94977, 101552, 105566

JSA: JSA10880