Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-1265

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.

Published

2017-10-13T17:29:00.223

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-200
CWE-255
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	juniper	junos_space	≤ 15.1r2	Yes

References

https://kb.juniper.net/JSA10727 Vendor Advisory ([email protected])
https://kb.juniper.net/JSA10727 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)