CVE-2021-0220 – Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI
https://notcve.org/view.php?id=CVE-2021-0220
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1. Se ha encontrado que Junos Space Network Management Platform almacena secretos compartidos en un formato recuperable que puede ser expuesto por medio de la Interfaz de Usuario. • https://kb.juniper.net/JSA11110 • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVE-2018-0012 – Junos Space: Local privilege escalation vulnerability in Junos Space
https://notcve.org/view.php?id=CVE-2018-0012
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges. Junos Space se ve afectado por una vulnerabilidad de escalado de privilegios que podría permitir que un atacante local autenticado obtenga privilegios root. • http://www.securitytracker.com/id/1040189 https://kb.juniper.net/JSA10838 •
CVE-2017-10612 – Junos Space: Persistent Cross site scripting in Junos Space
https://notcve.org/view.php?id=CVE-2017-10612
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. Una vulnerabilidad de Site Scripting persistente en Juniper Networks Junos Space permite a los usuarios que pueden cambiar determinadas configuraciones implantar código JavaScript o HTML malicioso que se puede utilizar para robar información o realizar acciones como otros usuarios o administradores de Junos Space. Las distribuciones afectadas son: Juniper Networks Junos Space en todas sus versiones anteriores a la 17.1R1. • http://www.securityfocus.com/bid/101256 https://kb.juniper.net/JSA10826 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-10623 – Junos Space: Insufficient verification of cluster messages
https://notcve.org/view.php?id=CVE-2017-10623
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. Falta de autenticación y autorización de mensajes de clústeres en Juniper Networks Junos Space podría permitir que un tipo de atacante Man-in-the-Middle (MitM) intercepte, inyecte o interrumpa las operaciones de los clústeres de Junos Space entre dos nodos. Las distribuciones afectadas son: Juniper Networks Junos Space en todas sus versiones anteriores a la 17.1R1. • https://kb.juniper.net/JSA10826 • CWE-287: Improper Authentication •
CVE-2017-10624 – Junos Space: Insufficient verification of node certificates.
https://notcve.org/view.php?id=CVE-2017-10624
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. Verificación insuficiente de los certificados de los nodos en Juniper Networks Junos Space puede permitir que un tipo de atacante Man-in-the-Middle (MitM) realice modificaciones no autorizadas a la base de datos Space o añada nodos. Las distribuciones afectadas son: Juniper Networks Junos Space en todas sus versiones anteriores a la 17.1R1. • http://www.securityfocus.com/bid/101255 https://kb.juniper.net/JSA10826 • CWE-345: Insufficient Verification of Data Authenticity •