CVE-2017-2305 — Incorrect Authorization in Juniper Junos Space

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 49.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Space Juniper Networks Junos Space

Timeline

PublishedMay 30

Latest updateMay 13

Description

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_spaceversions prior to 16.1R1

▶NVDjuniper/junos_space16.1

🔴Vulnerability Details

GHSA

GHSA-2xcj-24q6-g2ch: On Juniper Networks Junos Space versions prior to 16↗2022-05-13

▶

CVEList

CVE-2017-2305: On Juniper Networks Junos Space versions prior to 16↗2017-05-30

▶

📋Vendor Advisories

Juniper

CVE-2017-2305: On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative↗2017-05-30

▶