Multiple vulnerabilities in Juniper Junos Space

Published: 2018-02-12

Risk	High
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2018-0012 CVE-2018-0001
CWE-ID	CWE-264 CWE-416
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Juniper Junos Space Server applications / Remote management servers, RDP, SSH
Vendor	Juniper Networks, Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU10450

Risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0012

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to unspecified flaw. A local attacker can gain elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: 16.1 - 17.2

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10838

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory corruption

EUVDB-ID: #VU10452

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0001

CWE-ID: CWE-416 - Use After Free