CVE Vulnerabilities

CVE-2019-0016

Published: Jan 15, 2019 | Modified: Aug 24, 2020
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5.5 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

Affected Software

Name Vendor Start Version End Version
Junos_space Juniper 13.3-r1 (including) 13.3-r1 (including)
Junos_space Juniper 13.3-r2 (including) 13.3-r2 (including)
Junos_space Juniper 13.3-r3 (including) 13.3-r3 (including)
Junos_space Juniper 13.3-r4 (including) 13.3-r4 (including)
Junos_space Juniper 14.1 (including) 14.1 (including)
Junos_space Juniper 14.1-r1 (including) 14.1-r1 (including)
Junos_space Juniper 14.1-r2 (including) 14.1-r2 (including)
Junos_space Juniper 14.1-r3 (including) 14.1-r3 (including)
Junos_space Juniper 15.1-r1 (including) 15.1-r1 (including)
Junos_space Juniper 15.1-r2 (including) 15.1-r2 (including)
Junos_space Juniper 15.1-r3 (including) 15.1-r3 (including)
Junos_space Juniper 15.1-r4 (including) 15.1-r4 (including)
Junos_space Juniper 15.2 (including) 15.2 (including)
Junos_space Juniper 15.2-r1 (including) 15.2-r1 (including)
Junos_space Juniper 15.2-r2 (including) 15.2-r2 (including)
Junos_space Juniper 16.1 (including) 16.1 (including)
Junos_space Juniper 16.1-r1 (including) 16.1-r1 (including)
Junos_space Juniper 16.1-r2 (including) 16.1-r2 (including)
Junos_space Juniper 16.1-r3 (including) 16.1-r3 (including)
Junos_space Juniper 17.1-r1 (including) 17.1-r1 (including)
Junos_space Juniper 17.2-r1.4 (including) 17.2-r1.4 (including)
Junos_space Juniper 18.1-r1 (including) 18.1-r1 (including)
Junos_space Juniper 18.2-r1 (including) 18.2-r1 (including)

References