CVE-2019-0017

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

Published: Jan 15, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-0017
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
juniper / junos_space	13.3-r2	13.3-r2.x
juniper / junos_space	13.3-r4	13.3-r4.x
juniper / junos_space	14.1-r2	14.1-r2.x
juniper / junos_space	14.1-r3	14.1-r3.x
juniper / junos_space	15.1-r1	15.1-r1.x
juniper / junos_space	15.1-r2	15.1-r2.x
juniper / junos_space	15.1-r3	15.1-r3.x
juniper / junos_space	15.2-r2	15.2-r2.x
juniper / junos_space	16.1-r2	16.1-r2.x
juniper / junos_space	16.1-r3	16.1-r3.x
juniper / junos_space	17.1-r1	17.1-r1.x
juniper / junos_space	16.1-r1	16.1-r1.x
juniper / junos_space	15.2-r1	15.2-r1.x
juniper / junos_space	14.1-r1	14.1-r1.x
juniper / junos_space	13.3-r1	13.3-r1.x
juniper / junos_space	13.3-r3	13.3-r3.x
juniper / junos_space	14.1	14.1.x
juniper / junos_space	15.1-r4	15.1-r4.x
juniper / junos_space	16.1	16.1.x
juniper / junos_space	15.2	15.2.x
juniper / junos_space	17.2-r1.4	17.2-r1.4.x
juniper / junos_space	18.1-r1	18.1-r1.x
juniper / junos_space	18.2-r1	18.2-r1.x

https://kb.juniper.net/JSA10917

Vulnerability Database

289,599

CVE-2019-0017