CVE-2014-3413

The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.

Published: Apr 5, 2018
Updated: Apr 13, 2023
CVE: CVE-2014-3413
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-798

Affected Software
References

Software	From	Fixed in
juniper / junos_space	13.3-r1.1	13.3-r1.1.x
juniper / junos_space	13.3-r1.2	13.3-r1.2.x
juniper / junos_space	13.3-r1.3	13.3-r1.3.x
juniper / junos_space	13.3-r1.4	13.3-r1.4.x
juniper / junos_space	13.3-r1.5	13.3-r1.5.x
juniper / junos_space	13.3-r1.6	13.3-r1.6.x
juniper / junos_space	13.3-r1.7	13.3-r1.7.x

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627
https://www.tenable.com/security/research/tra-2014-01

Vulnerability Database

289,689

CVE-2014-3413