CVE-2019-0016: Junos Space: Authenticated user able to delete devices without delete device privileges

First published: Tue Jan 15 2019(Updated: )

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.

Credit: sirt@juniper.net

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/type
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• agent/severity
• agent/last-modified-date
• agent/title
• agent/author
• agent/references
• agent/first-publish-date
• agent/event
• agent/tags
• agent/description
• vendor/juniper
• canonical/juniper junos space
• version/juniper junos space/13.3-r1
• version/juniper junos space/13.3-r2
• version/juniper junos space/13.3-r3
• version/juniper junos space/13.3-r4
• version/juniper junos space/14.1
• version/juniper junos space/14.1-r1
• version/juniper junos space/14.1-r2
• version/juniper junos space/14.1-r3
• version/juniper junos space/15.1-r1
• version/juniper junos space/15.1-r2
• version/juniper junos space/15.1-r3
• version/juniper junos space/15.1-r4
• version/juniper junos space/15.2
• version/juniper junos space/15.2-r1
• version/juniper junos space/15.2-r2
• version/juniper junos space/16.1
• version/juniper junos space/16.1-r1
• version/juniper junos space/16.1-r2
• version/juniper junos space/16.1-r3
• version/juniper junos space/17.1-r1
• version/juniper junos space/17.2-r1.4
• version/juniper junos space/18.1-r1
• version/juniper junos space/18.2-r1