CVE-2016-1265 - OpenCVE

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Juniper	Junos Space

Configuration 1 [-]

cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*

References

Link	Resource
https://kb.juniper.net/JSA10727	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2016-04-13T00:00:00

Updated: 2017-10-13T16:57:01

Reserved: 2015-12-30T00:00:00

Link: CVE-2016-1265

JSON object: View

NVD Information

Status : Modified

Published: 2017-10-13T17:29:00.223

Modified: 2019-10-09T23:17:15.687

Link: CVE-2016-1265

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"status": "affected", "version": "all versions prior to 15.1R2"}]}], "datePublic": "2016-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-13T16:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA10727"}], "title": " Junos Space: privilege escalation vulnerabilities in Junos Space", "workarounds": [{"lang": "en", "value": "Limit access to Junos Space from only trusted networks\nUse administrative jump boxes with no internet access and employ anti-scripting techniques.\nIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the devices administrative interfaces only from trusted, administrative networks or hosts."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2016-04-13T09:00", "ID": "CVE-2016-1265", "STATE": "PUBLIC", "TITLE": " Junos Space: privilege escalation vulnerabilities in Junos Space"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"platform": "", "version_value": "all versions prior to 15.1R2"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "configuration": [], "credit": [], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected."}]}, "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA10727", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10727"}]}, "solution": "The following software releases have been updated to resolve this specific issue: Junos Space 15.1R3, 15.2R1, and all subsequent releases.", "work_around": [{"lang": "en", "value": "Limit access to Junos Space from only trusted networks\nUse administrative jump boxes with no internet access and employ anti-scripting techniques.\nIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the devices administrative interfaces only from trusted, administrative networks or hosts."}]}}}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2016-1265", "datePublished": "2016-04-13T00:00:00", "dateReserved": "2015-12-30T00:00:00", "dateUpdated": "2017-10-13T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*", "matchCriteriaId": "98899B94-EB36-4314-8376-8FF0F0AFA448", "versionEndIncluding": "15.1r2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected."}, {"lang": "es", "value": "Un atacante remoto no autenticado en una red con acceso a Junos Space podr\u00eda ejecutar c\u00f3digo arbitrario en Junos Space u obtener acceso a dispositivos gestionados por Junos Space utilizando vectores de ataque de Cross-Site Request Forgery (CSRF), credenciales de autenticaci\u00f3n por defecto, fuga de informaci\u00f3n e inyecci\u00f3n de comandos. Todas las versiones de Juniper Networks Junos Space anteriores a a 15.1R3 se ven afectadas."}], "id": "CVE-2016-1265", "lastModified": "2019-10-09T23:17:15.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2017-10-13T17:29:00.223", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA10727"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-255"}, {"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}