Vulnerabilities > Juniper > Junos Space > High

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2019-0017 Unrestricted Upload of File with Dangerous Type vulnerability in Juniper Junos Space
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types.
network
low complexity
juniper CWE-434
8.8
2018-01-10 CVE-2018-0012 Unspecified vulnerability in Juniper Junos Space
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.
local
low complexity
juniper
7.8
2017-10-13 CVE-2017-10624 Insufficient Verification of Data Authenticity vulnerability in Juniper Junos Space
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes.
network
high complexity
juniper CWE-345
7.5
2017-10-13 CVE-2017-10623 Improper Authentication vulnerability in Juniper Junos Space
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes.
network
high complexity
juniper CWE-287
8.1
2017-10-13 CVE-2017-10612 Cross-site Scripting vulnerability in Juniper Junos Space
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators.
network
low complexity
juniper CWE-79
8.0
2017-05-30 CVE-2017-2306 Incorrect Authorization vulnerability in Juniper Junos Space
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
network
low complexity
juniper CWE-863
8.8
2017-05-30 CVE-2017-2305 Incorrect Authorization vulnerability in Juniper Junos Space
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.
network
low complexity
juniper CWE-863
8.8
2017-03-20 CVE-2016-4929 Command Injection vulnerability in Juniper Junos Space
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
network
low complexity
juniper CWE-77
8.8
2017-03-20 CVE-2016-4928 Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos Space
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.
network
low complexity
juniper CWE-352
8.8
2017-03-20 CVE-2016-4927 Improper Input Validation vulnerability in Juniper Junos Space
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.
network
high complexity
juniper CWE-20
8.1