ID

VAR-201710-0040


CVE

CVE-2016-1265


TITLE

Juniper Networks Junos Space Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2016-008844

DESCRIPTION

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. Juniper Networks Junos Space Contains information disclosure vulnerabilities, certificate / password management vulnerabilities, and cross-site request forgery vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An unspecified cross-site scripting vulnerability 2. An unspecified insecure default Password vulnerability 3. An unspecified information disclosure vulnerability 4. Multiple unspecified command injection vulnerabilities. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle

Trust: 1.98

sources: NVD: CVE-2016-1265 // JVNDB: JVNDB-2016-008844 // BID: 86041 // VULHUB: VHN-90084

AFFECTED PRODUCTS

vendor:junipermodel:junos spacescope:lteversion:15.1r2

Trust: 1.0

vendor:junipermodel:junos spacescope:ltversion:15.1r3

Trust: 0.8

vendor:junipermodel:junos spacescope:eqversion:15.1r2

Trust: 0.6

sources: JVNDB: JVNDB-2016-008844 // CNNVD: CNNVD-201604-298 // NVD: CVE-2016-1265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1265
value: CRITICAL

Trust: 1.0

sirt@juniper.net: CVE-2016-1265
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1265
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201604-298
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90084
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1265
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90084
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1265
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-90084 // JVNDB: JVNDB-2016-008844 // CNNVD: CNNVD-201604-298 // NVD: CVE-2016-1265 // NVD: CVE-2016-1265

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-255

Trust: 1.9

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-90084 // JVNDB: JVNDB-2016-008844 // NVD: CVE-2016-1265

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-298

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201604-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008844

PATCH

title:JSA10727url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727&actp=METADATA

Trust: 0.8

title:Juniper Junos Space Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99590

Trust: 0.6

sources: JVNDB: JVNDB-2016-008844 // CNNVD: CNNVD-201604-298

EXTERNAL IDS

db:NVDid:CVE-2016-1265

Trust: 2.8

db:JUNIPERid:JSA10727

Trust: 2.0

db:JVNDBid:JVNDB-2016-008844

Trust: 0.8

db:CNNVDid:CNNVD-201604-298

Trust: 0.7

db:BIDid:86041

Trust: 0.4

db:VULHUBid:VHN-90084

Trust: 0.1

sources: VULHUB: VHN-90084 // BID: 86041 // JVNDB: JVNDB-2016-008844 // CNNVD: CNNVD-201604-298 // NVD: CVE-2016-1265

REFERENCES

url:https://kb.juniper.net/jsa10727

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1265

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-1265

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10727&cat=sirt_1&actp=list

Trust: 0.3

sources: VULHUB: VHN-90084 // BID: 86041 // JVNDB: JVNDB-2016-008844 // CNNVD: CNNVD-201604-298 // NVD: CVE-2016-1265

CREDITS

Juniper

Trust: 0.3

sources: BID: 86041

SOURCES

db:VULHUBid:VHN-90084
db:BIDid:86041
db:JVNDBid:JVNDB-2016-008844
db:CNNVDid:CNNVD-201604-298
db:NVDid:CVE-2016-1265

LAST UPDATE DATE

2024-08-14T13:07:33.997000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-90084date:2019-10-09T00:00:00
db:BIDid:86041date:2016-04-13T00:00:00
db:JVNDBid:JVNDB-2016-008844date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201604-298date:2019-10-17T00:00:00
db:NVDid:CVE-2016-1265date:2019-10-09T23:17:15.687

SOURCES RELEASE DATE

db:VULHUBid:VHN-90084date:2017-10-13T00:00:00
db:BIDid:86041date:2016-04-13T00:00:00
db:JVNDBid:JVNDB-2016-008844date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201604-298date:2016-04-14T00:00:00
db:NVDid:CVE-2016-1265date:2017-10-13T17:29:00.223