CVE-2018-0010

A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Junos_space	Juniper	13.3-r1 (including)	13.3-r1 (including)
Junos_space	Juniper	13.3-r2 (including)	13.3-r2 (including)
Junos_space	Juniper	14.1-r1 (including)	14.1-r1 (including)
Junos_space	Juniper	14.1-r2 (including)	14.1-r2 (including)
Junos_space	Juniper	14.1-r3 (including)	14.1-r3 (including)
Junos_space	Juniper	15.1-r1 (including)	15.1-r1 (including)
Junos_space	Juniper	15.1-r2 (including)	15.1-r2 (including)
Junos_space	Juniper	15.1-r3 (including)	15.1-r3 (including)
Junos_space	Juniper	15.1-r4 (including)	15.1-r4 (including)
Junos_space	Juniper	15.2-r1 (including)	15.2-r1 (including)
Junos_space	Juniper	15.2-r2 (including)	15.2-r2 (including)
Junos_space	Juniper	16.1-r1 (including)	16.1-r1 (including)
Junos_space	Juniper	16.1-r2 (including)	16.1-r2 (including)
Junos_space	Juniper	16.1-r3 (including)	16.1-r3 (including)
Junos_space	Juniper	17.1-r1 (including)	17.1-r1 (including)
Junos_space	Juniper	17.2-r1 (including)	17.2-r1 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0010
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

References

CVE-2018-0010

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References