ID

VAR-201703-0042


CVE

CVE-2016-4930


TITLE

Junos Space vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-008032

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.

Juniper Junos Space is prone to the following multiple security issues:
1. Cross-site scripting vulnerability
2. Cross-site request-forgery vulnerability
3. Authentication-bypass vulnerability
4. An XML external entity injection vulnerability
5. A command-injection vulnerability
6. A security-bypass vulnerability

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, perform certain administrative actions, gain unauthorized access, bypass certain security restrictions or cause denial-of-service conditions.

Juniper Networks Junos Space is a set of network management solutions from Juniper Networks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle.

Trust: 1.98

sources: NVD: CVE-2016-4930 // JVNDB: JVNDB-2016-008032 // BID: 93540 // VULHUB: VHN-93749

AFFECTED PRODUCTS

vendor: juniper, model: junos space, scope: lte, version: 15.2

Trust: 1.0

vendor: juniper, model: junos space, scope: eq, version: 15.2

Trust: 0.9

vendor: juniper, model: junos space, scope: lt, version: 15.2r2

Trust: 0.8

vendor: juniper, model: junos space 15.2r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos space 15.2r2, scope: ne, version: -

Trust: 0.3

sources: BID: 93540 // JVNDB: JVNDB-2016-008032 // CNNVD: CNNVD-201610-465 // NVD: CVE-2016-4930

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4930
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4930
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201610-465
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93749
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4930
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93749
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4930
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93749 // JVNDB: JVNDB-2016-008032 // CNNVD: CNNVD-201610-465 // NVD: CVE-2016-4930

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-93749 // JVNDB: JVNDB-2016-008032 // NVD: CVE-2016-4930

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-465

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201610-465

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008032

PATCH

title: JSA10760, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760

Trust: 0.8

title: Juniper Junos Space Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64836

Trust: 0.6

sources: JVNDB: JVNDB-2016-008032 // CNNVD: CNNVD-201610-465

EXTERNAL IDS

db: NVD, id: CVE-2016-4930

Trust: 2.8

db: BID, id: 93540

Trust: 2.0

db: JUNIPER, id: JSA10760

Trust: 2.0

db: JVNDB, id: JVNDB-2016-008032

Trust: 0.8

db: CNNVD, id: CNNVD-201610-465

Trust: 0.7

db: VULHUB, id: VHN-93749

Trust: 0.1

sources: VULHUB: VHN-93749 // BID: 93540 // JVNDB: JVNDB-2016-008032 // CNNVD: CNNVD-201610-465 // NVD: CVE-2016-4930

REFERENCES

url:http://www.securityfocus.com/bid/93540

Trust: 1.7

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10760

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4930

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-4930

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10760&cat=sirt_1&actp=list

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10760

Trust: 0.1

sources: VULHUB: VHN-93749 // BID: 93540 // JVNDB: JVNDB-2016-008032 // CNNVD: CNNVD-201610-465 // NVD: CVE-2016-4930

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 93540

SOURCES

db: VULHUB, id: VHN-93749
db: BID, id: 93540
db: JVNDB, id: JVNDB-2016-008032
db: CNNVD, id: CNNVD-201610-465
db: NVD, id: CVE-2016-4930

LAST UPDATE DATE

2024-11-23T22:07:37.777000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-93749, date: 2017-03-22T00:00:00
db: BID, id: 93540, date: 2016-10-26T02:07:00
db: JVNDB, id: JVNDB-2016-008032, date: 2017-04-17T00:00:00
db: CNNVD, id: CNNVD-201610-465, date: 2017-03-21T00:00:00
db: NVD, id: CVE-2016-4930, date: 2024-11-21T02:53:15.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-93749, date: 2017-03-20T00:00:00
db: BID, id: 93540, date: 2016-10-12T00:00:00
db: JVNDB, id: JVNDB-2016-008032, date: 2017-04-17T00:00:00
db: CNNVD, id: CNNVD-201610-465, date: 2016-10-18T00:00:00
db: NVD, id: CVE-2016-4930, date: 2017-03-20T20:59:00.283