8.8

CVE-2019-0017

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

Data is provided by the National Vulnerability Database (NVD)
JuniperJunos Space Version13.3 Updater1
JuniperJunos Space Version13.3 Updater2
JuniperJunos Space Version13.3 Updater3
JuniperJunos Space Version13.3 Updater4
JuniperJunos Space Version14.1 Update-
JuniperJunos Space Version14.1 Updater1
JuniperJunos Space Version14.1 Updater2
JuniperJunos Space Version14.1 Updater3
JuniperJunos Space Version15.1 Updater1
JuniperJunos Space Version15.1 Updater2
JuniperJunos Space Version15.1 Updater3
JuniperJunos Space Version15.1 Updater4
JuniperJunos Space Version15.2 Update-
JuniperJunos Space Version15.2 Updater1
JuniperJunos Space Version15.2 Updater2
JuniperJunos Space Version16.1 Update-
JuniperJunos Space Version16.1 Updater1
JuniperJunos Space Version16.1 Updater2
JuniperJunos Space Version16.1 Updater3
JuniperJunos Space Version17.1 Updater1
JuniperJunos Space Version17.2 Updater1.4
JuniperJunos Space Version18.1 Updater1
JuniperJunos Space Version18.2 Updater1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.23% 0.456
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
sirt@juniper.net 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.