CVE-2019-0017

Published Jan 15, 2019

Last updated 5 years ago

CVSS high 8.8

Overview

Description: The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
Source: sirt@juniper.net
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-434

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:13.3:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B610137-66AC-43D3-BBAE-4390011C20AC"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:13.3:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D81E5484-5C0D-44CB-90A8-65EE4E7D4F92"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:13.3:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EDD9296-6FB1-45E2-80EE-9F0F84CAFC94"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:13.3:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A53A9542-72FD-40E8-94F1-C7C0D776D726"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:14.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC29AA1D-4CBC-413A-9333-72F3616CE918"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:14.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00FCCF10-B612-46FC-94E6-70082F2E1091"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:14.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5F85CA0-36F3-48EE-8D35-A986412C91D9"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:14.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61813043-BAED-4803-9D5B-7B7E113D2FBD"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:15.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A3698B1-CC10-40D0-872C-417263C7A949"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:15.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A79F3A-80B9-4D98-92EE-681ED2E716B8"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:15.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD833CE8-F37B-4EEB-9DD3-E8A8BB121390"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:15.1:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E4B00D0-93F9-4145-BA91-6F4A66F19854"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:15.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74CB3FCB-192A-48A7-9FF3-3D228729AC60"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:15.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1107BD8-2F96-4788-A478-C0D7B9D22688"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:15.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "139FA36E-582D-41E9-AC4F-9BD49C844039"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:16.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EB54773-A54F-4D9E-B213-464421B4FA88"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:16.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC8CBF0A-310F-41EB-B377-F08FE03E3867"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:16.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62BB74B8-C90B-4CA1-B8CE-29F8D42D4B46"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:16.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44855E13-5493-4362-B7E8-5A1A6F299FFC"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:17.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "430F2EBF-09EB-4F48-ACF8-8B4EDF83E284"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:17.2:r1.4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE35151C-FCF6-4A89-8283-B24225019241"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:18.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7398A446-3A15-40C5-A76A-042D6FA9221C"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:18.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4337421-61DB-4469-868E-E8A04BE01B46"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References