Lucene search
K

Juniper Networks Junos Space Multiple Vulnerabilities (JSA10760)

🗓️ 13 Oct 2016 00:00:00Reported by Copyright (C) 2016 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 40 Views

Juniper Networks Junos Space Multiple Vulnerabilitie

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNVD
Juniper Junos Authentication Bypass Vulnerability
14 Oct 201600:00
cnvd
CNVD
Juniper Junos Space Man-in-the-Middle Attack Vulnerability
19 Oct 201600:00
cnvd
CNVD
Juniper Junos Space Cross-Site Request Forgery Vulnerability
19 Oct 201600:00
cnvd
CNVD
Juniper Junos Space Command Injection Vulnerability
19 Oct 201600:00
cnvd
CNVD
Juniper Junos Space Cross-Site Scripting Vulnerability
19 Oct 201600:00
cnvd
CNVD
Juniper Junos Space XML External Entity Injection Vulnerability
20 Oct 201600:00
cnvd
CVE
CVE-2016-4926
20 Mar 201720:00
cve
CVE
CVE-2016-4927
20 Mar 201720:00
cve
CVE
CVE-2016-4928
20 Mar 201720:00
cve
CVE
CVE-2016-4929
20 Mar 201720:00
cve
Rows per page
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:juniper:junos_space";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106348");
  script_version("2026-04-24T06:23:04+0000");
  script_tag(name:"last_modification", value:"2026-04-24 06:23:04 +0000 (Fri, 24 Apr 2026)");
  script_tag(name:"creation_date", value:"2016-10-13 09:18:34 +0700 (Thu, 13 Oct 2016)");
  script_tag(name:"cvss_base", value:"9.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-03-22 19:24:00 +0000 (Wed, 22 Mar 2017)");

  script_cve_id("CVE-2016-4926", "CVE-2016-4927", "CVE-2016-4928", "CVE-2016-4929",
                "CVE-2016-4930", "CVE-2016-4931");

  script_tag(name:"qod_type", value:"package");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Juniper Networks Junos Space Multiple Vulnerabilities (JSA10760)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("JunOS Local Security Checks");
  script_dependencies("gb_juniper_junos_space_consolidation.nasl");
  script_mandatory_keys("juniper/junos/space/detected");

  script_tag(name:"summary", value:"Juniper Networks Junos Space is prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The following flaws exist:

  - CVE-2016-4926: Insufficient authentication vulnerability in Junos Space may allow remote
  network based users with access to Junos Space web interface to perform certain administrative
  tasks without authentication.

  - CVE-2016-4927: Insufficient validation of SSH keys in Junos Space may allow man-in-the-middle
  (MITM) type of attacks while a Space device is communicating with managed devices.

  - CVE-2016-4928: Cross site request forgery vulnerability in Junos Space may allow remote
  attackers to perform certain administrative actions on Junos Space.

  - CVE-2016-4929: Command injection vulnerability in Junos Space may allow unprivileged users to
  execute code as root user on the device.

  - CVE-2016-4930: Cross site scripting vulnerability may allow remote attackers to steal sensitive
  information or perform certain administrative actions on Junos Space.

  - CVE-2016-4931: XML entity injection vulnerability may allow unprivileged users to cause a
  denial of service condition.");

  script_tag(name:"affected", value:"Juniper Networks Junos Space versions prior to 15.2R2.");

  script_tag(name:"solution", value:"Update to version 15.2R2 or later.");

  script_xref(name:"URL", value:"http://kb.juniper.net/JSA10760");

  exit(0);
}

include("host_details.inc");
include("junos.inc");
include("version_func.inc");

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

version = toupper(version);

if (check_js_version(ver: version, fix: "15.2R2")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "15.2R2");
  security_message(port: 0, data: report);
  exit(0);
}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation