Sign-up

ID

VAR-201901-1611


CVE

CVE-2019-0016


TITLE

Juniper Networks Junos Space Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001443

DESCRIPTION

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. A security vulnerability exists in Juniper Junos Space 18.3R1. An attacker could exploit this vulnerability to delete a device from the Junos Space database

Trust: 1.71

sources: NVD: CVE-2019-0016 // JVNDB: JVNDB-2019-001443 // VULHUB: VHN-140047

AFFECTED PRODUCTS

vendor:junipermodel:junos spacescope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:13.3

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:14.1

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:15.2

Trust: 1.0

vendor:junipermodel:junos spacescope:ltversion:18.3r1

Trust: 0.8

sources: JVNDB: JVNDB-2019-001443 // NVD: CVE-2019-0016

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0016
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2019-0016
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0016
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-361
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140047
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0016
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140047
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0016
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-140047 // JVNDB: JVNDB-2019-001443 // CNNVD: CNNVD-201901-361 // NVD: CVE-2019-0016 // NVD: CVE-2019-0016

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-140047 // JVNDB: JVNDB-2019-001443 // NVD: CVE-2019-0016

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-361

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201901-361

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001443

PATCH
title:JSA10917url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10917&actp=METADATA
Trust: 0.8
title:Juniper Junos Space Network Management Platform Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88534
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001443 // 
            
            
            
            CNNVD: CNNVD-201901-361

EXTERNAL IDS
db:NVDid:CVE-2019-0016
Trust: 2.5
db:JUNIPERid:JSA10917
Trust: 1.7
db:JVNDBid:JVNDB-2019-001443
Trust: 0.8
db:CNNVDid:CNNVD-201901-361
Trust: 0.7
db:VULHUBid:VHN-140047
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140047 // 
            
            
            
            JVNDB: JVNDB-2019-001443 // 
            
            
            
            CNNVD: CNNVD-201901-361 // 
            
            
            
            NVD: CVE-2019-0016

REFERENCES
url:https://kb.juniper.net/jsa10917
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0016
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0016
Trust: 0.8
sources:
            
            
            VULHUB: VHN-140047 // 
            
            
            
            JVNDB: JVNDB-2019-001443 // 
            
            
            
            CNNVD: CNNVD-201901-361 // 
            
            
            
            NVD: CVE-2019-0016

SOURCES
db:VULHUBid:VHN-140047
db:JVNDBid:JVNDB-2019-001443
db:CNNVDid:CNNVD-201901-361
db:NVDid:CVE-2019-0016

LAST UPDATE DATE
2024-11-23T22:12:09.988000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140047date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-001443date:2019-03-06T00:00:00
db:CNNVDid:CNNVD-201901-361date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0016date:2024-11-21T04:16:03.423

SOURCES RELEASE DATE
db:VULHUBid:VHN-140047date:2019-01-15T00:00:00
db:JVNDBid:JVNDB-2019-001443date:2019-03-06T00:00:00
db:CNNVDid:CNNVD-201901-361date:2019-01-11T00:00:00
db:NVDid:CVE-2019-0016date:2019-01-15T21:29:01.463