Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804.
2013-08-16T14:01:36.577
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.0 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:P/A:N
8.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | juniper | junos_space | 11.1 | Yes |
Application | juniper | junos_space | 11.2 | Yes |
Application | juniper | junos_space | 11.3 | Yes |
Application | juniper | junos_space | 11.4 | Yes |
Application | juniper | junos_space | 12.1 | Yes |
Application | juniper | junos_space | 12.2 | Yes |
Application | juniper | junos_space | 12.3 | Yes |
Application | juniper | junos_space_virtual_appliance | - | Yes |
Hardware | juniper | junos_space_ja1500_appliance | - | Yes |