Lucene search

[email protected]CVE-2018-0010

HistoryJan 10, 2018 - 10:29 p.m.

CVE-2018-0010

2018-01-1022:29:01

CWE-269

[email protected]

web.nvd.nist.gov

vulnerability

juniper networks

junos space

security director

ssh access

unauthorized access

nvd

cve-2018-0010

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.7%

JSON

A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.

Affected configurations

NVD

Node

juniperjunos_spaceMatch13.3r1

juniperjunos_spaceMatch13.3r2

juniperjunos_spaceMatch14.1r1

juniperjunos_spaceMatch14.1r2

juniperjunos_spaceMatch14.1r3

juniperjunos_spaceMatch15.1r1

juniperjunos_spaceMatch15.1r2

juniperjunos_spaceMatch15.1r3

juniperjunos_spaceMatch15.1r4

juniperjunos_spaceMatch15.2r1

juniperjunos_spaceMatch15.2r2

juniperjunos_spaceMatch16.1r1

juniperjunos_spaceMatch16.1r2

juniperjunos_spaceMatch16.1r3

juniperjunos_spaceMatch17.1r1

juniperjunos_spaceMatch17.2r1

CPENameOperatorVersion
juniper:junos_spacejuniper junos spaceeq13.3
juniper:junos_spacejuniper junos spaceeq14.1
juniper:junos_spacejuniper junos spaceeq15.1
juniper:junos_spacejuniper junos spaceeq15.2
juniper:junos_spacejuniper junos spaceeq16.1
juniper:junos_spacejuniper junos spaceeq17.1
juniper:junos_spacejuniper junos spaceeq17.2

CPE	Name	Operator	Version
juniper:junos_space	juniper junos space	eq	13.3
juniper:junos_space	juniper junos space	eq	14.1
juniper:junos_space	juniper junos space	eq	15.1
juniper:junos_space	juniper junos space	eq	15.2
juniper:junos_space	juniper junos space	eq	16.1
juniper:junos_space	juniper junos space	eq	17.1
juniper:junos_space	juniper junos space	eq	17.2

References

kb.juniper.net/JSA10840

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.7%

JSON

Related for CVE-2018-0010

prion1 cvelist1 nvd1