Juniper: >> Junos Space >> 13.3 Security Vulnerabilities
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.
CVSS Score
9.8
EPSS Score
0.01
Published
2017-10-13
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
CVSS Score
8.0
EPSS Score
0.004
Published
2017-10-13
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-05-30
On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk.
CVSS Score
5.9
EPSS Score
0.002
Published
2017-05-30
A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-05-30
On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-05-30
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-05-30
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-05-30
A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-05-30
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.
CVSS Score
9.8
EPSS Score
0.036
Published
2017-03-20