Details of VAR-201710-0040

ID

VAR-201710-0040

CVE

CVE-2016-1265

TITLE

Juniper Networks Junos Space Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2016-008844

DESCRIPTION

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. Juniper Networks Junos Space Contains information disclosure vulnerabilities, certificate / password management vulnerabilities, and cross-site request forgery vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An unspecified cross-site scripting vulnerability 2. An unspecified insecure default Password vulnerability 3. An unspecified information disclosure vulnerability 4. Multiple unspecified command injection vulnerabilities. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle

Trust: 1.98

sources: NVD: CVE-2016-1265 // JVNDB: JVNDB-2016-008844 // BID: 86041 // VULHUB: VHN-90084

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	lte	version:	15.1r2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lt	version:	15.1r3	Trust: 0.8
vendor:	juniper	model:	junos space	scope:	eq	version:	15.1r2	Trust: 0.6

sources: JVNDB: JVNDB-2016-008844 // CNNVD: CNNVD-201604-298 // NVD: CVE-2016-1265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1265
value:	CRITICAL
Trust: 1.0
sirt@juniper.net:	CVE-2016-1265
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-1265
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201604-298
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-90084
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1265
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90084
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1265
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-90084 // JVNDB: JVNDB-2016-008844 // CNNVD: CNNVD-201604-298 // NVD: CVE-2016-1265 // NVD: CVE-2016-1265

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-255	Trust: 1.9
problemtype:	CWE-352	Trust: 1.9

sources: VULHUB: VHN-90084 // JVNDB: JVNDB-2016-008844 // NVD: CVE-2016-1265

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-298

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201604-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008844

PATCH

title:	JSA10727	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727&actp=METADATA	Trust: 0.8
title:	Juniper Junos Space Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99590	Trust: 0.6

sources: JVNDB: JVNDB-2016-008844 // CNNVD: CNNVD-201604-298

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1265	Trust: 2.8
db:	JUNIPER	id:	JSA10727	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-008844	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-298	Trust: 0.7
db:	BID	id:	86041	Trust: 0.4
db:	VULHUB	id:	VHN-90084	Trust: 0.1

sources: VULHUB: VHN-90084 // BID: 86041 // JVNDB: JVNDB-2016-008844 // CNNVD: CNNVD-201604-298 // NVD: CVE-2016-1265

REFERENCES

url:	https://kb.juniper.net/jsa10727	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1265	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1265	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10727&cat=sirt_1&actp=list	Trust: 0.3

sources: VULHUB: VHN-90084 // BID: 86041 // JVNDB: JVNDB-2016-008844 // CNNVD: CNNVD-201604-298 // NVD: CVE-2016-1265

CREDITS

Juniper

Trust: 0.3

sources: BID: 86041

SOURCES

db:	VULHUB	id:	VHN-90084
db:	BID	id:	86041
db:	JVNDB	id:	JVNDB-2016-008844
db:	CNNVD	id:	CNNVD-201604-298
db:	NVD	id:	CVE-2016-1265

LAST UPDATE DATE

2024-08-14T13:07:33.997000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90084	date:	2019-10-09T00:00:00
db:	BID	id:	86041	date:	2016-04-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-008844	date:	2017-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201604-298	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2016-1265	date:	2019-10-09T23:17:15.687

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90084	date:	2017-10-13T00:00:00
db:	BID	id:	86041	date:	2016-04-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-008844	date:	2017-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201604-298	date:	2016-04-14T00:00:00
db:	NVD	id:	CVE-2016-1265	date:	2017-10-13T17:29:00.223