CVE-2019-0017 — Unrestricted File Upload in Networks Junos Space

CWE-434 — Unrestricted File Upload4 documents4 sources

Severity

8.8HIGHNVD

CNA6.5

EPSS

0.2%

top 54.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos Space Juniper Junos Space

Timeline

PublishedJan 15

Latest updateMay 13

Description

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_spaceunspecified — 18.3R1

▶NVDjuniper/junos_space9 versions+8

🔴Vulnerability Details

GHSA

GHSA-v5hc-28pc-qw2m: The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious↗2022-05-13

▶

CVEList

Junos Space: Unrestricted file upload vulnerability↗2019-01-15

▶

📋Vendor Advisories

Juniper

CVE-2019-0017: The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious↗2019-01-15

▶