Juniper Junos Space < 15.1R3 Multiple Vulnerabilities (JSA10727)

critical Nessus Plugin ID 91890
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 5.9

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R3. It is, therefore, affected by multiple unspecified vulnerabilities, including cross-site request forgery (XSRF), default authentication credentials, information disclosure, and command injection. An unauthenticated, remote attacker can exploit these to execute arbitrary code or gain access to devices managed by Junos Space.

Solution

Upgrade to Junos Space version 15.1R3 or later.

See Also

http://www.nessus.org/u?a84b985b

Plugin Details

Severity: Critical

ID: 91890

File Name: juniper_space_15_1R3.nasl

Version: 1.3

Type: local

Published: 6/29/2016

Updated: 7/12/2018

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Required KB Items: Host/Junos_Space/version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2016

Vulnerability Publication Date: 4/13/2016

Reference Information

CVE: CVE-2016-1265

JSA: JSA10727