CVE-2021-0220
Summary
| CVE | CVE-2021-0220 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-15 18:15:00 UTC |
| Updated | 2021-01-26 16:02:00 UTC |
| Description | The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1. |
Risk And Classification
Problem Types: CWE-522
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Juniper | Junos Space | 1.0 | All | All | All |
| Application | Juniper | Junos Space | 1.1 | All | All | All |
| Application | Juniper | Junos Space | 1.2 | All | All | All |
| Application | Juniper | Junos Space | 1.3 | All | All | All |
| Application | Juniper | Junos Space | 1.4 | All | All | All |
| Application | Juniper | Junos Space | 11.1 | All | All | All |
| Application | Juniper | Junos Space | 11.2 | All | All | All |
| Application | Juniper | Junos Space | 11.3 | All | All | All |
| Application | Juniper | Junos Space | 11.4 | All | All | All |
| Application | Juniper | Junos Space | 12.1 | All | All | All |
| Application | Juniper | Junos Space | 12.2 | All | All | All |
| Application | Juniper | Junos Space | 12.3 | All | All | All |
| Application | Juniper | Junos Space | 13.1 | - | All | All |
| Application | Juniper | Junos Space | 13.1 | r1.8 | All | All |
| Application | Juniper | Junos Space | 13.3 | r3 | All | All |
| Application | Juniper | Junos Space | 14.1 | - | All | All |
| Application | Juniper | Junos Space | 15.1 | - | All | All |
| Application | Juniper | Junos Space | 15.1 | r2 | All | All |
| Application | Juniper | Junos Space | 15.1 | r4 | All | All |
| Application | Juniper | Junos Space | 15.2 | - | All | All |
| Application | Juniper | Junos Space | 16.1 | - | All | All |
| Application | Juniper | Junos Space | 17.1 | - | All | All |
| Application | Juniper | Junos Space | 17.2 | - | All | All |
| Application | Juniper | Junos Space | 17.2 | r1.4 | All | All |
| Application | Juniper | Junos Space | 18.1 | - | All | All |
| Application | Juniper | Junos Space | 18.1r1 | All | All | All |
| Application | Juniper | Junos Space | 18.2 | - | All | All |
| Application | Juniper | Junos Space | 18.3 | - | All | All |
| Application | Juniper | Junos Space | 18.4 | - | All | All |
| Application | Juniper | Junos Space | 19.1 | - | All | All |
| Application | Juniper | Junos Space | 2.0 | All | All | All |
| Operating System | Juniper | Junos Space | 15.1 | r1 | All | All |
| Operating System | Juniper | Junos Space | 15.2 | r1 | All | All |
| Operating System | Juniper | Junos Space | 16.1 | All | All | All |
| Operating System | Juniper | Junos Space | 17.2 | All | All | All |
| Operating System | Juniper | Junos Space | 18.1 | r1 | All | All |
| Operating System | Juniper | Junos Space | 18.2 | r1 | All | All |
| Operating System | Juniper | Junos Space | 18.3 | r1 | All | All |
| Operating System | Juniper | Junos Space | 18.4 | r1 | All | All |
| Operating System | Juniper | Junos Space | 19.1 | r1 | All | All |
| Operating System | Juniper | Junos Space | 19.2 | r1 | All | All |
| Operating System | Juniper | Junos Space | 19.3 | r1 | All | All |
| Operating System | Juniper | Junos Space | 19.4 | r1 | All | All |
| Operating System | Juniper | Junos Space | 20.1 | r1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2021-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 20.3R1 release - Juniper Networks | CONFIRM | kb.juniper.net | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Juniper SIRT would like to acknowledge and thank Bruno Colella Garofalo for responsibly reporting this vulnerability.
There are currently no legacy QID mappings associated with this CVE.