CVE-2013-5097 — Juniper Junos Space vulnerability

CWE-2644 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 60.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Space

Timeline

PublishedAug 16

Latest updateMay 17

Description

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDjuniper/junos_space7 versions+6

Patches

Patch: kb.juniper.net ↗Patch: kb.juniper.net ↗

🔴Vulnerability Details

GHSA

GHSA-3g92-xpx3-5xx5: Juniper Junos Space before 13↗2022-05-17

▶

CVEList

CVE-2013-5097: Juniper Junos Space before 13↗2013-08-16

▶

📋Vendor Advisories

Juniper

CVE-2013-5097: Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user acco↗2013-08-16

▶