Details of VAR-201405-0181

ID

VAR-201405-0181

CVE

CVE-2014-3412

TITLE

Juniper Junos Space Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-002566

DESCRIPTION

Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors. An remote attacker can exploit this issue to execute arbitrary code with root privileges. This may facilitate complete compromise of the affected device. Junos Space 13.1 and prior are vulnerable. Juniper Junos Space is a set of network management solutions from Juniper Networks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle

Trust: 1.98

sources: NVD: CVE-2014-3412 // JVNDB: JVNDB-2014-002566 // BID: 67454 // VULHUB: VHN-71352

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	eq	version:	1.3	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	eq	version:	11.2	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	eq	version:	12.2	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	eq	version:	2.0	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	eq	version:	11.3	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	eq	version:	11.4	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	eq	version:	1.4	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	eq	version:	12.3	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	eq	version:	12.1	Trust: 1.6
vendor:	juniper	model:	junos space	scope:	eq	version:	1.0	Trust: 1.0
vendor:	juniper	model:	junos space ja1500 appliance	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	1.1	Trust: 1.0
vendor:	juniper	model:	junos space ja2500 appliance	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	1.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lte	version:	13.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lt	version:	13.3r1.8	Trust: 0.8
vendor:	juniper	model:	junos space ja1500 appliance	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos space ja2500 appliance	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2014-002566 // CNNVD: CNNVD-201405-394 // NVD: CVE-2014-3412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3412
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3412
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201405-394
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-71352
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3412
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71352
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71352 // JVNDB: JVNDB-2014-002566 // CNNVD: CNNVD-201405-394 // NVD: CVE-2014-3412

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-3412

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-394

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201405-394

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002566

PATCH

title:

JSA10626

url:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626

Trust: 0.8

sources: JVNDB: JVNDB-2014-002566

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3412	Trust: 2.8
db:	BID	id:	67454	Trust: 2.0
db:	SECTRACK	id:	1030254	Trust: 1.7
db:	JUNIPER	id:	JSA10626	Trust: 1.7
db:	JVNDB	id:	JVNDB-2014-002566	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-394	Trust: 0.7
db:	VULHUB	id:	VHN-71352	Trust: 0.1

sources: VULHUB: VHN-71352 // BID: 67454 // JVNDB: JVNDB-2014-002566 // CNNVD: CNNVD-201405-394 // NVD: CVE-2014-3412

REFERENCES

url:	http://www.securityfocus.com/bid/67454	Trust: 1.7
url:	http://www.securitytracker.com/id/1030254	Trust: 1.7
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10626	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3412	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3412	Trust: 0.8
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10626	Trust: 0.1

sources: VULHUB: VHN-71352 // JVNDB: JVNDB-2014-002566 // CNNVD: CNNVD-201405-394 // NVD: CVE-2014-3412

CREDITS

Juniper Networks

Trust: 0.3

sources: BID: 67454

SOURCES

db:	VULHUB	id:	VHN-71352
db:	BID	id:	67454
db:	JVNDB	id:	JVNDB-2014-002566
db:	CNNVD	id:	CNNVD-201405-394
db:	NVD	id:	CVE-2014-3412

LAST UPDATE DATE

2024-11-23T22:08:20.865000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71352	date:	2014-05-21T00:00:00
db:	BID	id:	67454	date:	2014-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-002566	date:	2014-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201405-394	date:	2014-05-23T00:00:00
db:	NVD	id:	CVE-2014-3412	date:	2024-11-21T02:08:02.230

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71352	date:	2014-05-20T00:00:00
db:	BID	id:	67454	date:	2014-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-002566	date:	2014-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201405-394	date:	2014-05-23T00:00:00
db:	NVD	id:	CVE-2014-3412	date:	2014-05-20T14:55:05.770