CVE-2016-1265

Published on: 10/13/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:04 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Junos Space from Juniper contain the following vulnerability:

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.

  • CVE-2016-1265 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
  • Affected Vendor/Software: Juniper Networks - Junos OS version all versions prior to 15.1R2
Vulnerability Patch/Work Around
  • Limit access to Junos Space from only trusted networks. Use administrative jump boxes with no internet access and employ anti-scripting techniques. In addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device's administrative interfaces only from trusted, administrative networks or hosts.

CVSS3 Score: 9.8 - CRITICAL

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 7.5 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • Description: 2016-04 Security Bulletin: Junos Space: Multiple privilege escalation vulnerabilities in Junos Space - Juniper Networks (kb.juniper.net, text/html)
  • Tags: Vendor Advisory
  • Link: CONFIRM kb.juniper.net/JSA10727

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Juniper | Junos Space | All | All | All | All
  • cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*: