Sign-up

ID

VAR-201801-1082


CVE

CVE-2018-0012


TITLE

Junos Space Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-001379

DESCRIPTION

Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges. Junos Space Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Juniper Junos Space is a set of network management solutions from Juniper Networks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. An elevation of privilege vulnerability exists in Juniper Junos Space

Trust: 1.71

sources: NVD: CVE-2018-0012 // JVNDB: JVNDB-2018-001379 // VULHUB: VHN-118214

AFFECTED PRODUCTS

vendor:junipermodel:junos spacescope:lteversion:17.2

Trust: 1.0

vendor:junipermodel:junos spacescope: - version: -

Trust: 0.8

vendor:junipermodel:junos spacescope:eqversion:17.2

Trust: 0.6

sources: JVNDB: JVNDB-2018-001379 // CNNVD: CNNVD-201801-358 // NVD: CVE-2018-0012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0012
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2018-0012
value: HIGH

Trust: 1.0

NVD: CVE-2018-0012
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201801-358
value: HIGH

Trust: 0.6

VULHUB: VHN-118214
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0012
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118214
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0012
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-118214 // JVNDB: JVNDB-2018-001379 // CNNVD: CNNVD-201801-358 // NVD: CVE-2018-0012 // NVD: CVE-2018-0012

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-118214 // JVNDB: JVNDB-2018-001379 // NVD: CVE-2018-0012

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201801-358

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201801-358

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001379

PATCH
title:JSA10838url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10838&actp=METADATA
Trust: 0.8
title:Juniper Junos Space Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77620
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001379 // 
            
            
            
            CNNVD: CNNVD-201801-358

EXTERNAL IDS
db:NVDid:CVE-2018-0012
Trust: 2.5
db:JUNIPERid:JSA10838
Trust: 1.7
db:SECTRACKid:1040189
Trust: 1.7
db:JVNDBid:JVNDB-2018-001379
Trust: 0.8
db:CNNVDid:CNNVD-201801-358
Trust: 0.7
db:VULHUBid:VHN-118214
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118214 // 
            
            
            
            JVNDB: JVNDB-2018-001379 // 
            
            
            
            CNNVD: CNNVD-201801-358 // 
            
            
            
            NVD: CVE-2018-0012

REFERENCES
url:https://kb.juniper.net/jsa10838
Trust: 1.7
url:http://www.securitytracker.com/id/1040189
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0012
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0012
Trust: 0.8
sources:
            
            
            VULHUB: VHN-118214 // 
            
            
            
            JVNDB: JVNDB-2018-001379 // 
            
            
            
            CNNVD: CNNVD-201801-358 // 
            
            
            
            NVD: CVE-2018-0012

SOURCES
db:VULHUBid:VHN-118214
db:JVNDBid:JVNDB-2018-001379
db:CNNVDid:CNNVD-201801-358
db:NVDid:CVE-2018-0012

LAST UPDATE DATE
2024-11-23T22:07:01.426000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118214date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-001379date:2018-02-13T00:00:00
db:CNNVDid:CNNVD-201801-358date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0012date:2024-11-21T03:37:21.340

SOURCES RELEASE DATE
db:VULHUBid:VHN-118214date:2018-01-10T00:00:00
db:JVNDBid:JVNDB-2018-001379date:2018-02-13T00:00:00
db:CNNVDid:CNNVD-201801-358date:2018-01-11T00:00:00
db:NVDid:CVE-2018-0012date:2018-01-10T22:29:01.367