Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Junos_space | Juniper | 11.1 (including) | 11.1 (including) |
| Junos_space | Juniper | 11.2 (including) | 11.2 (including) |
| Junos_space | Juniper | 11.3 (including) | 11.3 (including) |
| Junos_space | Juniper | 11.4 (including) | 11.4 (including) |
| Junos_space | Juniper | 12.1 (including) | 12.1 (including) |
| Junos_space | Juniper | 12.2 (including) | 12.2 (including) |
| Junos_space | Juniper | 12.3 (including) | 12.3 (including) |