← volver
CVE-2019-0016

Junos Space: Authenticated user able to delete devices without delete device privileges

CVSS 6.5 MEDIUMEPSS 0.9%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
15 ene 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Productos afectados
Juniper Networks · Junos Space

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://kb.juniper.net/JSA10917