CVE-2013-5096

Published Aug 16, 2013

Last updated a month ago

CVSS info 4.0

Overview

Description: Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61A323AE-7C8D-49F3-BB47-15DEBAFC86BD"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:11.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAEC058B-C096-455B-9A75-5191E00A367D"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:11.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6E79208-AF42-48D9-990C-E2E2E1DE8E1E"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:11.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA5E2C05-12C0-48B6-BE84-0A045B2A2B91"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "167749D0-F3B8-48F3-BFC8-37A531E48C16"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:12.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4C754E5-ACBB-45DE-B983-0888A8EB7CD3"
          },
          {
            "criteria": "cpe:2.3:a:juniper:junos_space:12.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84E7CE7F-4410-461D-9381-B186789B6509"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:juniper:junos_space_virtual_appliance:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AE8EA74-6BD3-461C-9D08-EF1024EC0E5A"
          },
          {
            "criteria": "cpe:2.3:h:juniper:junos_space_ja1500_appliance:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C58939FC-742F-4A93-8977-6953B32E6817"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References