mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-28 09:12:00 +00:00
91 lines
3.6 KiB
JSON
91 lines
3.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "sirt@juniper.net",
|
|
"DATE_PUBLIC": "2016-04-13T09:00",
|
|
"ID": "CVE-2016-1265",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": " Junos Space: privilege escalation vulnerabilities in Junos Space"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Junos OS",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"platform": "",
|
|
"version_value": "all versions prior to 15.1R2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Juniper Networks"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"configuration": [],
|
|
"credit": [],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected."
|
|
}
|
|
]
|
|
},
|
|
"exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"version": "3.0"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Privilege escalation"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://kb.juniper.net/JSA10727",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://kb.juniper.net/JSA10727"
|
|
}
|
|
]
|
|
},
|
|
"solution": "The following software releases have been updated to resolve this specific issue: Junos Space 15.1R3, 15.2R1, and all subsequent releases.",
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Limit access to Junos Space from only trusted networks\nUse administrative jump boxes with no internet access and employ anti-scripting techniques.\nIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the devices administrative interfaces only from trusted, administrative networks or hosts."
|
|
}
|
|
]
|
|
} |