Juniper Junos Space < 15.1R3 Multiple Vulnerabilities (JSA10727)

Critical Nessus Plugin ID 91890

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R3. It is, therefore, affected by multiple unspecified vulnerabilities, including cross-site request forgery (XSRF), default authentication credentials, information disclosure, and command injection. An unauthenticated, remote attacker can exploit these to execute arbitrary code or gain access to devices managed by Junos Space.

Solution

Upgrade to Junos Space version 15.1R3 or later.

See Also

http://www.nessus.org/u?a84b985b

Plugin Details

Severity: Critical

ID: 91890

File Name: juniper_space_15_1R3.nasl

Version: 1.3

Type: local

Published: 2016/06/29

Updated: 2018/07/12

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/04/13

Vulnerability Publication Date: 2016/04/13

Reference Information

CVE: CVE-2016-1265

JSA: JSA10727