Sign-up

ID

VAR-201308-0279


CVE

CVE-2013-5096


TITLE

Junos Space JA1500 Used in appliances Juniper Junos Space Vulnerabilities whose settings are changed

Trust: 0.8

sources: JVNDB: JVNDB-2013-003757

DESCRIPTION

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804. Vendors have confirmed this vulnerability PR 863804 It is released as.Remotely authenticated users may change settings by using read-only privileges. Juniper Networks JUNOS Space is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions like making configuration changes. This may aid in further attacks. Juniper Networks JUNOS Space versions 11.1, 11.2, 11.3, 12.1, 12.2 and 12.3 are vulnerable. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. A remote authorized attacker could exploit this vulnerability to modify the configuration with read-only permissions

Trust: 1.98

sources: NVD: CVE-2013-5096 // JVNDB: JVNDB-2013-003757 // BID: 61794 // VULHUB: VHN-65098

AFFECTED PRODUCTS

vendor:junipermodel:junos spacescope:eqversion:11.2

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:12.2

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:11.3

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:11.1

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:11.4

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:12.3

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:12.1

Trust: 1.6

vendor:junipermodel:junos space virtual appliancescope:eqversion: -

Trust: 1.0

vendor:junipermodel:junos space ja1500 appliancescope:eqversion: -

Trust: 1.0

vendor:junipermodel:junos spacescope:ltversion:13.1r1.6

Trust: 0.8

vendor:junipermodel:junos space ja1500 appliancescope: - version: -

Trust: 0.8

vendor:junipermodel:junos space virtual appliancescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2013-003757 // CNNVD: CNNVD-201308-256 // NVD: CVE-2013-5096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5096
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5096
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-256
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65098
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5096
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65098
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65098 // JVNDB: JVNDB-2013-003757 // CNNVD: CNNVD-201308-256 // NVD: CVE-2013-5096

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-65098 // JVNDB: JVNDB-2013-003757 // NVD: CVE-2013-5096

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-256

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201308-256

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003757

PATCH
title:JSA10585url:http://kb.juniper.net/JSA10585
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003757

EXTERNAL IDS
db:NVDid:CVE-2013-5096
Trust: 2.8
db:JUNIPERid:JSA10585
Trust: 1.7
db:BIDid:61794
Trust: 1.4
db:SECTRACKid:1028923
Trust: 1.1
db:JVNDBid:JVNDB-2013-003757
Trust: 0.8
db:CNNVDid:CNNVD-201308-256
Trust: 0.7
db:VULHUBid:VHN-65098
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65098 // 
            
            
            
            BID: 61794 // 
            
            
            
            JVNDB: JVNDB-2013-003757 // 
            
            
            
            CNNVD: CNNVD-201308-256 // 
            
            
            
            NVD: CVE-2013-5096

REFERENCES
url:http://kb.juniper.net/jsa10585
Trust: 1.7
url:http://www.securityfocus.com/bid/61794
Trust: 1.1
url:http://www.securitytracker.com/id/1028923
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5096
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5096
Trust: 0.8
sources:
            
            
            VULHUB: VHN-65098 // 
            
            
            
            JVNDB: JVNDB-2013-003757 // 
            
            
            
            CNNVD: CNNVD-201308-256 // 
            
            
            
            NVD: CVE-2013-5096

CREDITS
Reported by the vendor.
Trust: 0.3
sources:
            
            
            BID: 61794

SOURCES
db:VULHUBid:VHN-65098
db:BIDid:61794
db:JVNDBid:JVNDB-2013-003757
db:CNNVDid:CNNVD-201308-256
db:NVDid:CVE-2013-5096

LAST UPDATE DATE
2024-11-23T21:06:24.845000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65098date:2013-09-12T00:00:00
db:BIDid:61794date:2013-08-16T00:00:00
db:JVNDBid:JVNDB-2013-003757date:2013-08-19T00:00:00
db:CNNVDid:CNNVD-201308-256date:2013-08-20T00:00:00
db:NVDid:CVE-2013-5096date:2024-11-21T01:57:00.560

SOURCES RELEASE DATE
db:VULHUBid:VHN-65098date:2013-08-16T00:00:00
db:BIDid:61794date:2013-08-16T00:00:00
db:JVNDBid:JVNDB-2013-003757date:2013-08-19T00:00:00
db:CNNVDid:CNNVD-201308-256date:2013-08-20T00:00:00
db:NVDid:CVE-2013-5096date:2013-08-16T14:01:36.577