CVE-2019-0017: Junos Space: Unrestricted file upload vulnerability
First published: Tue Jan 15 2019(Updated: )
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Networks Junos Space | =13.3-r1 | |
| Juniper Networks Junos Space | =13.3-r2 | |
| Juniper Networks Junos Space | =13.3-r3 | |
| Juniper Networks Junos Space | =13.3-r4 | |
| Juniper Networks Junos Space | =14.1 | |
| Juniper Networks Junos Space | =14.1-r1 | |
| Juniper Networks Junos Space | =14.1-r2 | |
| Juniper Networks Junos Space | =14.1-r3 | |
| Juniper Networks Junos Space | =15.1-r1 | |
| Juniper Networks Junos Space | =15.1-r2 | |
| Juniper Networks Junos Space | =15.1-r3 | |
| Juniper Networks Junos Space | =15.1-r4 | |
| Juniper Networks Junos Space | =15.2 | |
| Juniper Networks Junos Space | =15.2-r1 | |
| Juniper Networks Junos Space | =15.2-r2 | |
| Juniper Networks Junos Space | =16.1 | |
| Juniper Networks Junos Space | =16.1-r1 | |
| Juniper Networks Junos Space | =16.1-r2 | |
| Juniper Networks Junos Space | =16.1-r3 | |
| Juniper Networks Junos Space | =17.1-r1 | |
| Juniper Networks Junos Space | =17.2-r1.4 | |
| Juniper Networks Junos Space | =18.1-r1 | |
| Juniper Networks Junos Space | =18.2-r1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-0017?
The CVE-2019-0017 vulnerability has a high severity rating due to insufficient validation checks allowing malicious content uploads.
How do I fix CVE-2019-0017?
To fix CVE-2019-0017, upgrade to Junos Space version 18.3R1 or later.
Which versions of Junos Space are affected by CVE-2019-0017?
Junos Space versions prior to 18.3R1 are affected by CVE-2019-0017.
What risks are associated with CVE-2019-0017?
CVE-2019-0017 poses risks of unauthorized malicious file uploads that could compromise the environment.
Is there a patch available for CVE-2019-0017?
Yes, a patch is available in the form of an upgrade to Junos Space version 18.3R1 or later.
- agent/type
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/juniper
- canonical/juniper networks junos space
- version/juniper networks junos space/13.3-r1
- version/juniper networks junos space/13.3-r2
- version/juniper networks junos space/13.3-r3
- version/juniper networks junos space/13.3-r4
- version/juniper networks junos space/14.1
- version/juniper networks junos space/14.1-r1
- version/juniper networks junos space/14.1-r2
- version/juniper networks junos space/14.1-r3
- version/juniper networks junos space/15.1-r1
- version/juniper networks junos space/15.1-r2
- version/juniper networks junos space/15.1-r3
- version/juniper networks junos space/15.1-r4
- version/juniper networks junos space/15.2
- version/juniper networks junos space/15.2-r1
- version/juniper networks junos space/15.2-r2
- version/juniper networks junos space/16.1
- version/juniper networks junos space/16.1-r1
- version/juniper networks junos space/16.1-r2
- version/juniper networks junos space/16.1-r3
- version/juniper networks junos space/17.1-r1
- version/juniper networks junos space/17.2-r1.4
- version/juniper networks junos space/18.1-r1
- version/juniper networks junos space/18.2-r1