Details of VAR-201308-0280

ID

VAR-201308-0280

CVE

CVE-2013-5097

TITLE

Junos Space JA1500 Used in appliances Juniper Junos Space Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-003758

DESCRIPTION

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462. Vendors have confirmed this vulnerability PR 879462 It is released as.Dictionary attack by remotely authenticated user (dictionary attack) You may get important information through. Juniper Networks JUNOS Space is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to obtain sensitive information that may aid in launching further attacks. Juniper Networks JUNOS Space versions 11.1, 11.2, 11.3, 12.1, 12.2 and 12.3 are vulnerable. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle

Trust: 1.98

sources: NVD: CVE-2013-5097 // JVNDB: JVNDB-2013-003758 // BID: 61795 // VULHUB: VHN-65099

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	eq	version:	12.3	Trust: 1.9
vendor:	juniper	model:	junos space	scope:	eq	version:	12.2	Trust: 1.9
vendor:	juniper	model:	junos space	scope:	eq	version:	12.1	Trust: 1.9
vendor:	juniper	model:	junos space	scope:	eq	version:	11.3	Trust: 1.9
vendor:	juniper	model:	junos space	scope:	eq	version:	11.2	Trust: 1.9
vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 1.9
vendor:	juniper	model:	junos space	scope:	eq	version:	11.4	Trust: 1.6
vendor:	juniper	model:	junos space virtual appliance	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	junos space ja1500 appliance	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lt	version:	13.1r1.6	Trust: 0.8
vendor:	juniper	model:	junos space ja1500 appliance	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos space virtual appliance	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos space 13.1r1.6	scope:	ne	version:	-	Trust: 0.3

sources: BID: 61795 // JVNDB: JVNDB-2013-003758 // CNNVD: CNNVD-201308-257 // NVD: CVE-2013-5097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5097
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5097
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201308-257
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65099
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5097
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65099
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65099 // JVNDB: JVNDB-2013-003758 // CNNVD: CNNVD-201308-257 // NVD: CVE-2013-5097

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-65099 // JVNDB: JVNDB-2013-003758 // NVD: CVE-2013-5097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-257

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201308-257

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003758

PATCH

title:

JSA10585

url:

http://kb.juniper.net/JSA10585

Trust: 0.8

sources: JVNDB: JVNDB-2013-003758

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5097	Trust: 2.8
db:	JUNIPER	id:	JSA10585	Trust: 2.0
db:	SECTRACK	id:	1028923	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003758	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-257	Trust: 0.7
db:	BID	id:	61795	Trust: 0.4
db:	VULHUB	id:	VHN-65099	Trust: 0.1

sources: VULHUB: VHN-65099 // BID: 61795 // JVNDB: JVNDB-2013-003758 // CNNVD: CNNVD-201308-257 // NVD: CVE-2013-5097

REFERENCES

url:	http://kb.juniper.net/jsa10585	Trust: 1.7
url:	http://www.securitytracker.com/id/1028923	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5097	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5097	Trust: 0.8
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10585	Trust: 0.3
url:	http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/	Trust: 0.3

sources: VULHUB: VHN-65099 // BID: 61795 // JVNDB: JVNDB-2013-003758 // CNNVD: CNNVD-201308-257 // NVD: CVE-2013-5097

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 61795

SOURCES

db:	VULHUB	id:	VHN-65099
db:	BID	id:	61795
db:	JVNDB	id:	JVNDB-2013-003758
db:	CNNVD	id:	CNNVD-201308-257
db:	NVD	id:	CVE-2013-5097

LAST UPDATE DATE

2024-11-23T19:24:56.855000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65099	date:	2013-09-12T00:00:00
db:	BID	id:	61795	date:	2013-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-003758	date:	2013-08-19T00:00:00
db:	CNNVD	id:	CNNVD-201308-257	date:	2013-08-20T00:00:00
db:	NVD	id:	CVE-2013-5097	date:	2024-11-21T01:57:00.703

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65099	date:	2013-08-16T00:00:00
db:	BID	id:	61795	date:	2013-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-003758	date:	2013-08-19T00:00:00
db:	CNNVD	id:	CNNVD-201308-257	date:	2013-08-20T00:00:00
db:	NVD	id:	CVE-2013-5097	date:	2013-08-16T14:01:36.597