CVE-2019-0017
Summary
| CVE | CVE-2019-0017 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-15 21:29:00 UTC |
| Updated | 2019-10-09 23:43:00 UTC |
| Description | The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. |
Risk And Classification
Problem Types: CWE-434
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Juniper | Junos Space | 13.3 | r1 | All | All |
| Application | Juniper | Junos Space | 13.3 | r2 | All | All |
| Application | Juniper | Junos Space | 13.3 | r3 | All | All |
| Application | Juniper | Junos Space | 13.3 | r4 | All | All |
| Application | Juniper | Junos Space | 14.1 | - | All | All |
| Application | Juniper | Junos Space | 14.1 | r1 | All | All |
| Application | Juniper | Junos Space | 14.1 | r2 | All | All |
| Application | Juniper | Junos Space | 14.1 | r3 | All | All |
| Application | Juniper | Junos Space | 15.1 | r1 | All | All |
| Application | Juniper | Junos Space | 15.1 | r2 | All | All |
| Application | Juniper | Junos Space | 15.1 | r3 | All | All |
| Application | Juniper | Junos Space | 15.1 | r4 | All | All |
| Application | Juniper | Junos Space | 15.2 | - | All | All |
| Application | Juniper | Junos Space | 15.2 | r1 | All | All |
| Application | Juniper | Junos Space | 15.2 | r2 | All | All |
| Application | Juniper | Junos Space | 16.1 | - | All | All |
| Application | Juniper | Junos Space | 16.1 | r1 | All | All |
| Application | Juniper | Junos Space | 16.1 | r2 | All | All |
| Application | Juniper | Junos Space | 16.1 | r3 | All | All |
| Application | Juniper | Junos Space | 17.1 | r1 | All | All |
| Application | Juniper | Junos Space | 17.2 | r1.4 | All | All |
| Application | Juniper | Junos Space | 18.1 | r1 | All | All |
| Application | Juniper | Junos Space | 18.2 | r1 | All | All |
| Application | Juniper | Junos Space | 13.3 | r1 | All | All |
| Application | Juniper | Junos Space | 13.3 | r2 | All | All |
| Application | Juniper | Junos Space | 13.3 | r3 | All | All |
| Application | Juniper | Junos Space | 13.3 | r4 | All | All |
| Application | Juniper | Junos Space | 14.1 | - | All | All |
| Application | Juniper | Junos Space | 14.1 | r1 | All | All |
| Application | Juniper | Junos Space | 14.1 | r2 | All | All |
| Application | Juniper | Junos Space | 14.1 | r3 | All | All |
| Application | Juniper | Junos Space | 15.1 | r1 | All | All |
| Application | Juniper | Junos Space | 15.1 | r2 | All | All |
| Application | Juniper | Junos Space | 15.1 | r3 | All | All |
| Application | Juniper | Junos Space | 15.1 | r4 | All | All |
| Application | Juniper | Junos Space | 15.2 | - | All | All |
| Application | Juniper | Junos Space | 15.2 | r1 | All | All |
| Application | Juniper | Junos Space | 15.2 | r2 | All | All |
| Application | Juniper | Junos Space | 16.1 | - | All | All |
| Application | Juniper | Junos Space | 16.1 | r1 | All | All |
| Application | Juniper | Junos Space | 16.1 | r2 | All | All |
| Application | Juniper | Junos Space | 16.1 | r3 | All | All |
| Application | Juniper | Junos Space | 17.1 | r1 | All | All |
| Application | Juniper | Junos Space | 17.2 | r1.4 | All | All |
| Application | Juniper | Junos Space | 18.1 | r1 | All | All |
| Application | Juniper | Junos Space | 18.2 | r1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2019-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 18.3R1 and 18.4R1 releases - Juniper Networks | CONFIRM | kb.juniper.net | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.