CVE-2019-0016

Summary

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos Spaceunspecified < 18.3R1affected

Weaknesses

  • Improper Access Control

Workarounds

Use access lists or firewall filters to limit access to the device's management interface only from trusted hosts and administrators.

ADP Enrichment

CVE Program Container

Additional References

References