Sign-up

ID

VAR-201305-0316


CVE

CVE-2013-3497


TITLE

Junos Space JA1500 Used in appliances Juniper Junos Space Password acquisition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-002609

DESCRIPTION

Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. Multiple Juniper Networks Products are prone to a password-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle

Trust: 1.98

sources: NVD: CVE-2013-3497 // JVNDB: JVNDB-2013-002609 // BID: 59760 // VULHUB: VHN-63499

AFFECTED PRODUCTS

vendor:junipermodel:junos spacescope:eqversion:1.0

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:11.2

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:1.1

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:1.2

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:2.0

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:11.3

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:11.1

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:11.4

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:1.4

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:1.3

Trust: 1.6

vendor:junipermodel:junos space virtual appliancescope:eqversion: -

Trust: 1.0

vendor:junipermodel:junos space ja1500 appliancescope:eqversion: -

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:12.1

Trust: 1.0

vendor:junipermodel:junos spacescope:lteversion:12.3

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:12.2

Trust: 1.0

vendor:junipermodel:junos spacescope:ltversion:12.3p2.8

Trust: 0.8

vendor:junipermodel:junos space ja1500 appliancescope: - version: -

Trust: 0.8

vendor:junipermodel:junos space virtual appliancescope: - version: -

Trust: 0.8

vendor:junipermodel:junos spacescope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:ja1500scope:eqversion:0

Trust: 0.3

sources: BID: 59760 // JVNDB: JVNDB-2013-002609 // CNNVD: CNNVD-201305-180 // NVD: CVE-2013-3497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3497
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3497
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-180
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63499
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3497
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63499
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63499 // JVNDB: JVNDB-2013-002609 // CNNVD: CNNVD-201305-180 // NVD: CVE-2013-3497

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-63499 // JVNDB: JVNDB-2013-002609 // NVD: CVE-2013-3497

THREAT TYPE

local

Trust: 0.9

sources: BID: 59760 // CNNVD: CNNVD-201305-180

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201305-180

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002609

PATCH
title:Junos Spaceurl:http://www.juniper.net/jp/jp/products-services/software/junos-platform/junos-space/
Trust: 0.8
title:Juniper Networks Junos Space JA1500 Applianceurl:http://www.juniper.net/techpubs/en_US/release-independent/junos-space/information-products/pathway-pages/junos-space-appliance-pwp.html
Trust: 0.8
title:Junos Space Virtual Applianceurl:http://www.juniper.net/techpubs/en_US/junos-space11.4/topics/concept/junos-space-virtual-appliance-overview.html
Trust: 0.8
title:KB27374url:https://kb.juniper.net/InfoCenter/index?page=content&id=KB27374
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002609

EXTERNAL IDS
db:NVDid:CVE-2013-3497
Trust: 2.8
db:BIDid:59760
Trust: 1.4
db:OSVDBid:93112
Trust: 1.1
db:JVNDBid:JVNDB-2013-002609
Trust: 0.8
db:CNNVDid:CNNVD-201305-180
Trust: 0.7
db:VULHUBid:VHN-63499
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63499 // 
            
            
            
            BID: 59760 // 
            
            
            
            JVNDB: JVNDB-2013-002609 // 
            
            
            
            CNNVD: CNNVD-201305-180 // 
            
            
            
            NVD: CVE-2013-3497

REFERENCES
url:https://kb.juniper.net/kb27374
Trust: 1.7
url:http://www.securityfocus.com/bid/59760
Trust: 1.1
url:http://osvdb.org/93112
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/84109
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3497
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3497
Trust: 0.8
url:https://kb.juniper.net/infocenter/index?page=content&id=kb27374
Trust: 0.3
url:http://www.juniper.net/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63499 // 
            
            
            
            BID: 59760 // 
            
            
            
            JVNDB: JVNDB-2013-002609 // 
            
            
            
            CNNVD: CNNVD-201305-180 // 
            
            
            
            NVD: CVE-2013-3497

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 59760

SOURCES
db:VULHUBid:VHN-63499
db:BIDid:59760
db:JVNDBid:JVNDB-2013-002609
db:CNNVDid:CNNVD-201305-180
db:NVDid:CVE-2013-3497

LAST UPDATE DATE
2024-11-23T22:08:30.899000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63499date:2017-08-29T00:00:00
db:BIDid:59760date:2013-05-08T00:00:00
db:JVNDBid:JVNDB-2013-002609date:2013-05-10T00:00:00
db:CNNVDid:CNNVD-201305-180date:2013-05-21T00:00:00
db:NVDid:CVE-2013-3497date:2024-11-21T01:53:45.207

SOURCES RELEASE DATE
db:VULHUBid:VHN-63499date:2013-05-08T00:00:00
db:BIDid:59760date:2013-05-08T00:00:00
db:JVNDBid:JVNDB-2013-002609date:2013-05-10T00:00:00
db:CNNVDid:CNNVD-201305-180date:2013-05-21T00:00:00
db:NVDid:CVE-2013-3497date:2013-05-08T23:55:01.083