Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659)

High Nessus Plugin ID 80197

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the remote Junos Space version is prior to 14.1R1. It is, therefore, affected by multiple vulnerabilities in bundled third party software components :

- Multiple vulnerabilities in the bundled OpenSSL CentOS package. (CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2013-0169, CVE-2014-0224)

- Multiple vulnerabilities in Oracle MySQL.
(CVE-2013-5908)

- Multiple vulnerabilities in the Oracle Java runtime.
(CVE-2014-0411, CVE-2014-0423, CVE-2014-4244, CVE-2014-0453, CVE-2014-0460, CVE-2014-4263, CVE-2014-4264)

Solution

Upgrade to Junos Space 14.1R1 or later. Alternatively, apply the workaround referenced in the vendor advisory.

See Also

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10659

Plugin Details

Severity: High

ID: 80197

File Name: juniper_space_jsa10659.nasl

Version: 1.8

Type: local

Published: 2014/12/22

Updated: 2018/07/12

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/11/12

Vulnerability Publication Date: 2012/01/04

Exploitable With

Core Impact

Reference Information

CVE: CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2013-0169, CVE-2013-5908, CVE-2014-0224, CVE-2014-0411, CVE-2014-0423, CVE-2014-0453, CVE-2014-0460, CVE-2014-4244, CVE-2014-4263, CVE-2014-4264

BID: 51281, 52428, 53158, 53476, 57778, 60268, 64896, 64914, 64918, 66914, 66916, 67899, 68612, 68624, 68636