Details of VAR-201804-0246

ID

VAR-201804-0246

CVE

CVE-2014-3413

TITLE

Juniper Networks Junos Space Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2014-008609

DESCRIPTION

The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access. Juniper Networks Junos Space Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Juniper Junos Space is prone to an information-disclosure vulnerability. Attackers can leverage this issue to gain access to sensitive information. Information obtained will aid in further attacks. Versions prior to Juniper Junos Space 13.3R1.8 are vulnerable. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. MySQL server is one of the MySQL relational database servers

Trust: 2.07

sources: NVD: CVE-2014-3413 // JVNDB: JVNDB-2014-008609 // BID: 104525 // VULHUB: VHN-71353 // VULMON: CVE-2014-3413

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	eq	version:	13.3	Trust: 1.9
vendor:	juniper	model:	junos space	scope:	eq	version:	13.1	Trust: 0.9
vendor:	juniper	model:	junos space	scope:	lt	version:	13.3r1.8	Trust: 0.8
vendor:	juniper	model:	junos space	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1.6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1p1.14	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space r1.8	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r1.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3p2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.1	Trust: 0.3
vendor:	juniper	model:	junos space 11.4r5.5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.0	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.8	scope:	ne	version:	-	Trust: 0.3

sources: BID: 104525 // JVNDB: JVNDB-2014-008609 // CNNVD: CNNVD-201804-267 // NVD: CVE-2014-3413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3413
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2014-3413
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201804-267
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-71353
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-3413
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3413
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-71353
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-3413
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-71353 // VULMON: CVE-2014-3413 // JVNDB: JVNDB-2014-008609 // CNNVD: CNNVD-201804-267 // NVD: CVE-2014-3413

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-71353 // JVNDB: JVNDB-2014-008609 // NVD: CVE-2014-3413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-267

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-267

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008609

PATCH

title:	JSA10627	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627	Trust: 0.8
title:	Juniper Junos Space MySQL Server security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83100	Trust: 0.6

sources: JVNDB: JVNDB-2014-008609 // CNNVD: CNNVD-201804-267

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3413	Trust: 2.9
db:	JUNIPER	id:	JSA10627	Trust: 2.1
db:	TENABLE	id:	TRA-2014-01	Trust: 2.1
db:	JVNDB	id:	JVNDB-2014-008609	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-267	Trust: 0.6
db:	BID	id:	104525	Trust: 0.4
db:	VULHUB	id:	VHN-71353	Trust: 0.1
db:	VULMON	id:	CVE-2014-3413	Trust: 0.1

sources: VULHUB: VHN-71353 // VULMON: CVE-2014-3413 // BID: 104525 // JVNDB: JVNDB-2014-008609 // CNNVD: CNNVD-201804-267 // NVD: CVE-2014-3413

REFERENCES

url:	https://www.tenable.com/security/research/tra-2014-01	Trust: 2.1
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10627	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3413	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3413	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10627	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-71353 // VULMON: CVE-2014-3413 // BID: 104525 // JVNDB: JVNDB-2014-008609 // CNNVD: CNNVD-201804-267 // NVD: CVE-2014-3413

CREDITS

Tenable Network Security

Trust: 0.3

sources: BID: 104525

SOURCES

db:	VULHUB	id:	VHN-71353
db:	VULMON	id:	CVE-2014-3413
db:	BID	id:	104525
db:	JVNDB	id:	JVNDB-2014-008609
db:	CNNVD	id:	CNNVD-201804-267
db:	NVD	id:	CVE-2014-3413

LAST UPDATE DATE

2024-11-23T20:10:50.599000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71353	date:	2018-08-10T00:00:00
db:	VULMON	id:	CVE-2014-3413	date:	2018-08-10T00:00:00
db:	BID	id:	104525	date:	2018-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2014-008609	date:	2018-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201804-267	date:	2018-06-25T00:00:00
db:	NVD	id:	CVE-2014-3413	date:	2024-11-21T02:08:02.387

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71353	date:	2018-04-05T00:00:00
db:	VULMON	id:	CVE-2014-3413	date:	2018-04-05T00:00:00
db:	BID	id:	104525	date:	2018-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2014-008609	date:	2018-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201804-267	date:	2018-04-05T00:00:00
db:	NVD	id:	CVE-2014-3413	date:	2018-04-05T17:29:00.253