CVE-2019-0016: Junos Space: Authenticated user able to delete devices without delete device privileges
First published: Tue Jan 15 2019(Updated: )
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Networks Junos Space | =13.3-r1 | |
| Juniper Networks Junos Space | =13.3-r2 | |
| Juniper Networks Junos Space | =13.3-r3 | |
| Juniper Networks Junos Space | =13.3-r4 | |
| Juniper Networks Junos Space | =14.1 | |
| Juniper Networks Junos Space | =14.1-r1 | |
| Juniper Networks Junos Space | =14.1-r2 | |
| Juniper Networks Junos Space | =14.1-r3 | |
| Juniper Networks Junos Space | =15.1-r1 | |
| Juniper Networks Junos Space | =15.1-r2 | |
| Juniper Networks Junos Space | =15.1-r3 | |
| Juniper Networks Junos Space | =15.1-r4 | |
| Juniper Networks Junos Space | =15.2 | |
| Juniper Networks Junos Space | =15.2-r1 | |
| Juniper Networks Junos Space | =15.2-r2 | |
| Juniper Networks Junos Space | =16.1 | |
| Juniper Networks Junos Space | =16.1-r1 | |
| Juniper Networks Junos Space | =16.1-r2 | |
| Juniper Networks Junos Space | =16.1-r3 | |
| Juniper Networks Junos Space | =17.1-r1 | |
| Juniper Networks Junos Space | =17.2-r1.4 | |
| Juniper Networks Junos Space | =18.1-r1 | |
| Juniper Networks Junos Space | =18.2-r1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-0016?
CVE-2019-0016 has a severity rating of high due to unauthorized device deletion risks.
How do I fix CVE-2019-0016?
To fix CVE-2019-0016, upgrade to the latest patched version of Junos Space as recommended by Juniper.
Who is affected by CVE-2019-0016?
CVE-2019-0016 affects authenticated users of Junos Space running specific versions listed in the advisory.
What versions of Junos Space are vulnerable to CVE-2019-0016?
Versions 13.3-r1 through 18.2-r1 of Junos Space are vulnerable to CVE-2019-0016.
What types of attacks does CVE-2019-0016 allow?
CVE-2019-0016 allows an attacker to delete devices from the database without proper privileges.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper networks junos space
- version/juniper networks junos space/13.3-r1
- version/juniper networks junos space/13.3-r2
- version/juniper networks junos space/13.3-r3
- version/juniper networks junos space/13.3-r4
- version/juniper networks junos space/14.1
- version/juniper networks junos space/14.1-r1
- version/juniper networks junos space/14.1-r2
- version/juniper networks junos space/14.1-r3
- version/juniper networks junos space/15.1-r1
- version/juniper networks junos space/15.1-r2
- version/juniper networks junos space/15.1-r3
- version/juniper networks junos space/15.1-r4
- version/juniper networks junos space/15.2
- version/juniper networks junos space/15.2-r1
- version/juniper networks junos space/15.2-r2
- version/juniper networks junos space/16.1
- version/juniper networks junos space/16.1-r1
- version/juniper networks junos space/16.1-r2
- version/juniper networks junos space/16.1-r3
- version/juniper networks junos space/17.1-r1
- version/juniper networks junos space/17.2-r1.4
- version/juniper networks junos space/18.1-r1
- version/juniper networks junos space/18.2-r1