The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N
Vendors Products
Juniper
  • Junos Space

Configuration 1 [-]

OR cpe:2.3:a:juniper:junos_space:1.0:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:1.1:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:1.2:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:1.3:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:1.4:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:2.0:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:11.1:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:11.2:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:11.3:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:11.4:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:12.1:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:12.2:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:12.3:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:13.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:13.1:r1.8:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:13.3:r3:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:14.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:15.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:15.1:r2:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:15.1:r4:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:15.2:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:16.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:17.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:17.2:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:17.2:r1.4:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:18.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:18.1r1:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:18.2:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:18.3:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:18.4:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:19.1:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:15.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:15.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:16.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:17.2:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:18.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:18.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:18.3:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:18.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:19.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:19.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:19.3:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:19.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:20.1:r1:*:*:*:*:*:*
References
Link Resource
https://kb.juniper.net/JSA11110 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2021-01-13T00:00:00

Updated: 2021-01-15T17:36:01

Reserved: 2020-10-27T00:00:00

Link: CVE-2021-0220

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-01-15T18:15:15.667

Modified: 2021-01-26T16:02:37.557

Link: CVE-2021-0220

JSON object: View

cve-icon Redhat Information

No data.

CWE