CVE-2018-0010

EPSS 0.14%
Published 10.01.2018 22:29:01
Last modified 21.11.2024 03:37:21
Source sirt@juniper.net
Teams watchlist Login
Open Login

A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Space Version13.3 Updater1

Juniper ≫ Junos Space Version13.3 Updater2

Juniper ≫ Junos Space Version14.1 Updater1

Juniper ≫ Junos Space Version14.1 Updater2

Juniper ≫ Junos Space Version14.1 Updater3

Juniper ≫ Junos Space Version15.1 Updater1

Juniper ≫ Junos Space Version15.1 Updater2

Juniper ≫ Junos Space Version15.1 Updater3

Juniper ≫ Junos Space Version15.1 Updater4

Juniper ≫ Junos Space Version15.2 Updater1

Juniper ≫ Junos Space Version15.2 Updater2

Juniper ≫ Junos Space Version16.1 Updater1

Juniper ≫ Junos Space Version16.1 Updater2

Juniper ≫ Junos Space Version16.1 Updater3

Juniper ≫ Junos Space Version17.1 Updater1

Juniper ≫ Junos Space Version17.2 Updater1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.312

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://kb.juniper.net/JSA10840

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0010

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0010

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0010

EUVD