Details of VAR-201901-1612

ID

VAR-201901-1612

CVE

CVE-2019-0017

TITLE

Juniper Networks Junos Space Vulnerable to unlimited upload of dangerous types of files

Trust: 0.8

sources: JVNDB: JVNDB-2019-001442

DESCRIPTION

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. Juniper Networks Junos Space Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. The vulnerability is due to insufficient validation checks

Trust: 1.71

sources: NVD: CVE-2019-0017 // JVNDB: JVNDB-2019-001442 // VULHUB: VHN-140048

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	13.3	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	17.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	14.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	17.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	18.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	15.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lt	version:	18.3r1	Trust: 0.8

sources: JVNDB: JVNDB-2019-001442 // NVD: CVE-2019-0017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0017
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2019-0017
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0017
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201901-362
value:	HIGH
Trust: 0.6
VULHUB:	VHN-140048
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0017
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-140048
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-0017
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
sirt@juniper.net:	CVE-2019-0017
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-140048 // JVNDB: JVNDB-2019-001442 // CNNVD: CNNVD-201901-362 // NVD: CVE-2019-0017 // NVD: CVE-2019-0017

PROBLEMTYPE DATA

problemtype:

CWE-434

Trust: 1.9

sources: VULHUB: VHN-140048 // JVNDB: JVNDB-2019-001442 // NVD: CVE-2019-0017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-362

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-362

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001442

PATCH

title:	JSA10917	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10917&actp=METADATA	Trust: 0.8
title:	Juniper Junos Space Network Management Platform Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88535	Trust: 0.6

sources: JVNDB: JVNDB-2019-001442 // CNNVD: CNNVD-201901-362

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0017	Trust: 2.5
db:	JUNIPER	id:	JSA10917	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-001442	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-362	Trust: 0.7
db:	VULHUB	id:	VHN-140048	Trust: 0.1

sources: VULHUB: VHN-140048 // JVNDB: JVNDB-2019-001442 // CNNVD: CNNVD-201901-362 // NVD: CVE-2019-0017

REFERENCES

url:	https://kb.juniper.net/jsa10917	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0017	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0017	Trust: 0.8

sources: VULHUB: VHN-140048 // JVNDB: JVNDB-2019-001442 // CNNVD: CNNVD-201901-362 // NVD: CVE-2019-0017

SOURCES

db:	VULHUB	id:	VHN-140048
db:	JVNDB	id:	JVNDB-2019-001442
db:	CNNVD	id:	CNNVD-201901-362
db:	NVD	id:	CVE-2019-0017

LAST UPDATE DATE

2024-11-23T22:12:10.014000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-140048	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-001442	date:	2019-03-06T00:00:00
db:	CNNVD	id:	CNNVD-201901-362	date:	2019-10-10T00:00:00
db:	NVD	id:	CVE-2019-0017	date:	2024-11-21T04:16:03.543

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-140048	date:	2019-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-001442	date:	2019-03-06T00:00:00
db:	CNNVD	id:	CNNVD-201901-362	date:	2019-01-11T00:00:00
db:	NVD	id:	CVE-2019-0017	date:	2019-01-15T21:29:01.493