Sign-up

ID

VAR-201801-1080


CVE

CVE-2018-0010


TITLE

Juniper Networks Junos Space Security Director Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001470

DESCRIPTION

A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1. Security Director is one of the security management tools

Trust: 1.71

sources: NVD: CVE-2018-0010 // JVNDB: JVNDB-2018-001470 // VULHUB: VHN-118212

AFFECTED PRODUCTS

vendor:junipermodel:junos spacescope:eqversion:14.1

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:17.2

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:15.2

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:17.1

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:13.3

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:16.1

Trust: 1.6

vendor:junipermodel:junos spacescope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junos spacescope:ltversion:security director 17.2r1

Trust: 0.8

sources: JVNDB: JVNDB-2018-001470 // CNNVD: CNNVD-201711-909 // NVD: CVE-2018-0010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0010
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0010
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-909
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118212
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0010
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118212
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0010
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118212 // JVNDB: JVNDB-2018-001470 // CNNVD: CNNVD-201711-909 // NVD: CVE-2018-0010

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-118212 // JVNDB: JVNDB-2018-001470 // NVD: CVE-2018-0010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-909

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-909

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001470

PATCH
title:JSA10840url:https://kb.juniper.net/JSA10840
Trust: 0.8
title:Juniper Junos Space Security Director Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100179
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001470 // 
            
            
            
            CNNVD: CNNVD-201711-909

EXTERNAL IDS
db:NVDid:CVE-2018-0010
Trust: 2.5
db:JUNIPERid:JSA10840
Trust: 1.7
db:JVNDBid:JVNDB-2018-001470
Trust: 0.8
db:CNNVDid:CNNVD-201711-909
Trust: 0.7
db:VULHUBid:VHN-118212
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118212 // 
            
            
            
            JVNDB: JVNDB-2018-001470 // 
            
            
            
            CNNVD: CNNVD-201711-909 // 
            
            
            
            NVD: CVE-2018-0010

REFERENCES
url:https://kb.juniper.net/jsa10840
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0010
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0010
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118212 // 
            
            
            
            JVNDB: JVNDB-2018-001470 // 
            
            
            
            CNNVD: CNNVD-201711-909 // 
            
            
            
            NVD: CVE-2018-0010

SOURCES
db:VULHUBid:VHN-118212
db:JVNDBid:JVNDB-2018-001470
db:CNNVDid:CNNVD-201711-909
db:NVDid:CVE-2018-0010

LAST UPDATE DATE
2024-11-23T22:41:59.819000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118212date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-001470date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201711-909date:2019-10-23T00:00:00
db:NVDid:CVE-2018-0010date:2024-11-21T03:37:21.100

SOURCES RELEASE DATE
db:VULHUBid:VHN-118212date:2018-01-10T00:00:00
db:JVNDBid:JVNDB-2018-001470date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201711-909date:2017-11-22T00:00:00
db:NVDid:CVE-2018-0010date:2018-01-10T22:29:01.290