CVE-2016-1265 — Sensitive Information Exposure in Juniper Junos Space

CWE-200 — Sensitive Information Exposure CWE-255 CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

1.0%

top 23.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Space Juniper Networks Junos OS

Timeline

PublishedOct 13

Latest updateMay 13

Description

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDjuniper/junos_space15.1r2

▶CVEListV5juniper_networks/junos_osall versions prior to 15.1R2

🔴Vulnerability Details

GHSA

GHSA-g7g3-mqm9-m86m: A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed↗2022-05-13

▶

CVEList

Junos Space: privilege escalation vulnerabilities in Junos Space↗2017-10-13

▶

📋Vendor Advisories

Juniper

CVE-2016-1265: A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed↗2017-10-13

▶