CVE-2018-0010

Published Jan 10, 2018

Last updated 5 years ago

CVSS medium 6.5

Overview

Description: A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.
Source: sirt@juniper.net
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:13.3:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3690DD20-F4FF-4388-899E-884D60052199"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:13.3:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "642062E4-FCD1-4C96-9832-8B65D1D327D8"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:14.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA50737C-5924-490D-8A1C-C7913264D458"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:14.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EB0159B-4D22-40E1-AD55-17D7A8AA4CAA"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:14.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C157A9EB-482F-4060-9A60-0D149D656665"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC5AA529-494F-4297-88FE-4C58B8FCA8F1"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C01B9DB-ADFF-4652-8040-572715370BDF"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE27435E-F321-4CD6-AB9E-AF2F50057A03"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.1:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3716BA1C-FFDF-4939-8AE6-68BFB06CDD53"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F319D4E-938C-44AF-868A-FBFF077D6139"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FE562A7-779A-4B7C-9A1E-3EF141D798B5"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:16.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "882C4D7A-293C-4587-84B1-822F63D53D2F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:16.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A98BA3F-35BD-4C8D-80B4-B85C3B32F5AD"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:16.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE3823E7-6A1D-4645-94C5-01EBB2392B69"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:17.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DFF54CC-E24F-42B4-B908-AECD1139146B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:17.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E80FD6E-A2E7-4B8C-BFC8-D9B0F32245C7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References