CVE-2019-0016

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

Published: Jan 15, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-0016
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
juniper / junos_space	13.3-r2	13.3-r2.x
juniper / junos_space	13.3-r4	13.3-r4.x
juniper / junos_space	14.1-r2	14.1-r2.x
juniper / junos_space	14.1-r3	14.1-r3.x
juniper / junos_space	15.1-r1	15.1-r1.x
juniper / junos_space	15.1-r2	15.1-r2.x
juniper / junos_space	15.1-r3	15.1-r3.x
juniper / junos_space	15.2-r2	15.2-r2.x
juniper / junos_space	16.1-r2	16.1-r2.x
juniper / junos_space	16.1-r3	16.1-r3.x
juniper / junos_space	17.1-r1	17.1-r1.x
juniper / junos_space	16.1-r1	16.1-r1.x
juniper / junos_space	15.2-r1	15.2-r1.x
juniper / junos_space	14.1-r1	14.1-r1.x
juniper / junos_space	13.3-r1	13.3-r1.x
juniper / junos_space	13.3-r3	13.3-r3.x
juniper / junos_space	14.1	14.1.x
juniper / junos_space	15.1-r4	15.1-r4.x
juniper / junos_space	16.1	16.1.x
juniper / junos_space	15.2	15.2.x
juniper / junos_space	17.2-r1.4	17.2-r1.4.x
juniper / junos_space	18.1-r1	18.1-r1.x
juniper / junos_space	18.2-r1	18.2-r1.x

https://kb.juniper.net/JSA10917

Vulnerability Database

289,689

CVE-2019-0016