What is the severity of CVE-2021-0220?

CVE-2021-0220 has a medium severity level due to the potential exposure of shared secrets.

How do I fix CVE-2021-0220?

To fix CVE-2021-0220, update your Junos Space Network Management Platform to the latest version containing the security patch.

What versions of Junos Space are affected by CVE-2021-0220?

CVE-2021-0220 affects multiple versions of Junos Space from 1.0 to 20.1, so verify your version against the affected list.

What impact does CVE-2021-0220 have on security?

CVE-2021-0220 can lead to unauthorized access to shared secrets if an attacker executes arbitrary code or gains access to cached data.

Is there a workaround for CVE-2021-0220 if I can't update immediately?

Currently, there are no documented workarounds for CVE-2021-0220 other than applying the available security updates.

Vulnerability/
CVE-2021-0220

medium

6.8

CWE

522 257 79

15/1/2021

16/9/2024

CVE-2021-0220: Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI

First published: Fri Jan 15 2021(Updated: )

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper Networks Junos Space	=1.0
Juniper Networks Junos Space	=1.1
Juniper Networks Junos Space	=1.2
Juniper Networks Junos Space	=1.3
Juniper Networks Junos Space	=1.4
Juniper Networks Junos Space	=2.0
Juniper Networks Junos Space	=11.1
Juniper Networks Junos Space	=11.2
Juniper Networks Junos Space	=11.3
Juniper Networks Junos Space	=11.4
Juniper Networks Junos Space	=12.1
Juniper Networks Junos Space	=12.2
Juniper Networks Junos Space	=12.3
Juniper Networks Junos Space	=13.1
Juniper Networks Junos Space	=13.1-r1.8
Juniper Networks Junos Space	=13.3-r3
Juniper Networks Junos Space	=14.1
Juniper Networks Junos Space	=15.1
Juniper Networks Junos Space	=15.1-r2
Juniper Networks Junos Space	=15.1-r4
Juniper Networks Junos Space	=15.2
Juniper Networks Junos Space	=16.1
Juniper Networks Junos Space	=17.1
Juniper Networks Junos Space	=17.2
Juniper Networks Junos Space	=17.2-r1.4
Juniper Networks Junos Space	=18.1
Juniper Networks Junos Space	=18.1r1
Juniper Networks Junos Space	=18.2
Juniper Networks Junos Space	=18.3
Juniper Networks Junos Space	=18.4
Juniper Networks Junos Space	=19.1
Juniper Networks Junos Space	=15.1-r1
Juniper Networks Junos Space	=15.2-r1
Juniper Networks Junos Space	=16.1
Juniper Networks Junos Space	=17.2
Juniper Networks Junos Space	=18.1-r1
Juniper Networks Junos Space	=18.2-r1
Juniper Networks Junos Space	=18.3-r1
Juniper Networks Junos Space	=18.4-r1
Juniper Networks Junos Space	=19.1-r1
Juniper Networks Junos Space	=19.2-r1
Juniper Networks Junos Space	=19.3-r1
Juniper Networks Junos Space	=19.4-r1
Juniper Networks Junos Space	=20.1-r1

Remedy

The following software releases have been updated to resolve these specific issues: Junos Space 20.3R1, and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

https://kb.juniper.net/JSA11110

Frequently Asked Questions

What is the severity of CVE-2021-0220?
CVE-2021-0220 has a medium severity level due to the potential exposure of shared secrets.
How do I fix CVE-2021-0220?
To fix CVE-2021-0220, update your Junos Space Network Management Platform to the latest version containing the security patch.
What versions of Junos Space are affected by CVE-2021-0220?
CVE-2021-0220 affects multiple versions of Junos Space from 1.0 to 20.1, so verify your version against the affected list.
What impact does CVE-2021-0220 have on security?
CVE-2021-0220 can lead to unauthorized access to shared secrets if an attacker executes arbitrary code or gains access to cached data.
Is there a workaround for CVE-2021-0220 if I can't update immediately?
Currently, there are no documented workarounds for CVE-2021-0220 other than applying the available security updates.

agent/type
agent/softwarecombine
agent/title
agent/weakness
agent/references
agent/author
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/juniper
canonical/juniper networks junos space
version/juniper networks junos space/1.0
version/juniper networks junos space/1.1
version/juniper networks junos space/1.2
version/juniper networks junos space/1.3
version/juniper networks junos space/1.4
version/juniper networks junos space/2.0
version/juniper networks junos space/11.1
version/juniper networks junos space/11.2
version/juniper networks junos space/11.3
version/juniper networks junos space/11.4
version/juniper networks junos space/12.1
version/juniper networks junos space/12.2
version/juniper networks junos space/12.3
version/juniper networks junos space/13.1
version/juniper networks junos space/13.1-r1.8
version/juniper networks junos space/13.3-r3
version/juniper networks junos space/14.1
version/juniper networks junos space/15.1
version/juniper networks junos space/15.1-r2
version/juniper networks junos space/15.1-r4
version/juniper networks junos space/15.2
version/juniper networks junos space/16.1
version/juniper networks junos space/17.1
version/juniper networks junos space/17.2
version/juniper networks junos space/17.2-r1.4
version/juniper networks junos space/18.1
version/juniper networks junos space/18.1r1
version/juniper networks junos space/18.2
version/juniper networks junos space/18.3
version/juniper networks junos space/18.4
version/juniper networks junos space/19.1
version/juniper networks junos space/15.1-r1
version/juniper networks junos space/15.2-r1
version/juniper networks junos space/18.1-r1
version/juniper networks junos space/18.2-r1
version/juniper networks junos space/18.3-r1
version/juniper networks junos space/18.4-r1
version/juniper networks junos space/19.1-r1
version/juniper networks junos space/19.2-r1
version/juniper networks junos space/19.3-r1
version/juniper networks junos space/19.4-r1
version/juniper networks junos space/20.1-r1