CVE-2019-0016

Junos Space: Authenticated user able to delete devices without delete device privileges

CVSS 6.5 MEDIUMEPSS 0.9%

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 Jan 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

Juniper Networks · Junos Space

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://kb.juniper.net/JSA10917