Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-0220

Опубликовано: 15 янв. 2021
Источник: nvd
CVSS3: 6.8
CVSS2: 3.5
EPSS Низкий

Описание

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:juniper:junos_space:1.0:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:1.1:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:1.2:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:1.3:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:1.4:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:2.0:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:11.1:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:11.2:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:11.3:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:11.4:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:12.1:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:12.2:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:12.3:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:13.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:13.1:r1.8:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:13.3:r3:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:14.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:15.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:15.1:r2:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:15.1:r4:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:15.2:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:16.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:17.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:17.2:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:17.2:r1.4:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:18.1:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:18.1r1:*:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:18.2:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:18.3:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:18.4:-:*:*:*:*:*:*
cpe:2.3:a:juniper:junos_space:19.1:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:15.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:15.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:16.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:17.2:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:18.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:18.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:18.3:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:18.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:19.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:19.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:19.3:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:19.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_space:20.1:r1:*:*:*:*:*:*

EPSS

Процентиль: 51%
0.00275
Низкий

6.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-257
CWE-522

Связанные уязвимости

github логотип

GHSA-wvhm-q7jr-v337

github
больше 3 лет назад

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.

EPSS

Процентиль: 51%
0.00275
Низкий

6.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-257
CWE-522