Multiple vulnerabilities in Junos Space



Published: 2021-08-18 | Updated: 2022-01-17
Risk High
Patch available YES
Number of vulnerabilities 35
CVE-ID CVE-2019-19532
CVE-2021-20305
CVE-2020-28374
CVE-2020-29573
CVE-2020-29661
CVE-2020-7053
CVE-2021-20265
CVE-2021-20277
CVE-2021-2163
CVE-2020-25656
CVE-2021-25215
CVE-2021-26937
CVE-2021-27363
CVE-2021-27364
CVE-2021-27365
CVE-2021-27803
CVE-2020-25705
CVE-2020-25645
CVE-2019-25013
CVE-2020-14318
CVE-2020-0427
CVE-2020-10029
CVE-2020-10543
CVE-2020-10878
CVE-2020-12723
CVE-2020-13765
CVE-2020-14323
CVE-2020-25211
CVE-2020-14351
CVE-2020-14364
CVE-2020-1472
CVE-2020-15862
CVE-2020-16092
CVE-2020-1971
CVE-2020-1983
CWE-ID CWE-787
CWE-327
CWE-22
CWE-667
CWE-416
CWE-400
CWE-125
CWE-20
CWE-617
CWE-88
CWE-200
CWE-264
CWE-119
CWE-399
CWE-330
CWE-319
CWE-121
CWE-190
CWE-476
CWE-732
Exploitation vector Network
Public exploit Public exploit code for vulnerability #17 is available.
Public exploit code for vulnerability #30 is available.
Vulnerability #31 is being exploited in the wild.
Public exploit code for vulnerability #34 is available.
Public exploit code for vulnerability #35 is available.
Vulnerable software
Subscribe
Juniper Junos Space
Server applications / Remote management servers, RDP, SSH

Vendor Juniper Networks, Inc.

Security Bulletin

This security bulletin contains information about 35 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU24440

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19532

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. A local user with physical access can use a malicious USB device in the Linux kernel HID drivers, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU52195

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20305

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Path traversal

EUVDB-ID: #VU49914

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-28374

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in drivers/target/target_core_xcopy.c in the Linux kernel. A remote user with access to iSCSI LUN can send a specially crafted XCOPY request and read or write arbitrary files on the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU50362

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29573

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary within the sysdeps/i386/ldbl2mpn.c in the GNU C Library on x86  systems. A remote attacker can pass specially crafted data to the application that uses the vulnerable version of glibc and crash it.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU51543

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a escalate privileges on the system.

The vulnerability exists due to locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. An local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU24711

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7053

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_ppgtt_close() function in drivers/gpu/drm/i915/i915_gem_gtt.c, related to i915_gem_context_destroy_ioctl() call in drivers/gpu/drm/i915/i915_gem_context.c. A local user can run a specially crafted application to execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource exhaustion

EUVDB-ID: #VU51548

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20265

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU51701

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20277

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in ldb_handler_fold() function when processing multiple consecutive leading spaces within LDAP query. A remote user can send a specially crafted LDAP query, trigger out-of-bounds read error and crash the LDAP server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU52449

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2163

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU51547

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Reachable Assertion

EUVDB-ID: #VU52736

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25215

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing DNAME records. A remote attacker can force named to add the same RRset to the ANSWER section more than once, trigger an assertion failure and crash the service. Both authoritative and recursive servers are affected by this issue during zone transfers.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper Neutralization of Argument Delimiters in a Command

EUVDB-ID: #VU50842

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26937

CWE-ID: CWE-88 - Argument Injection or Modification

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect processing of user-supplied data in the encoding.c file. A remote attacker can pass specially crafted UTF-8 character sequence to the GNU Screen application and perform a denial of service attack or execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information disclosure

EUVDB-ID: #VU51453

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27363

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the show_transport_handle() shows iSCSI transport handle to non-root users. A local user can gain unauthorized access to sensitive information and use it along with another vulnerability, such as #VU51452, to escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51452

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27364

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to iscsi_if_recv_msg() allows non-root users to connect and send commands to the Linux kernel. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU51451

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27365

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing Netlink messages in Linux kernel through 5.11.3, as certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. A local unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message, trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource management error

EUVDB-ID: #VU55968

Risk: Medium

CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27803

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when processing P2P (Wi-Fi Direct) provision discovery requests in p2p/p2p_pd in wpa_supplicant. A remote attacker within radio range can send specially crafted request to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use of insufficiently random values

EUVDB-ID: #VU49150

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-25705

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

18) Cleartext transmission of sensitive information

EUVDB-ID: #VU51546

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25645

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to traffic passed between two Geneve endpoints with configured IPsec can be unencrypted for the specific UDP port. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU50329

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-25013

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in GNU C Library within the iconv feature when processing multi-byte input sequences in the EUC-KR encoding. A remote attacker can pass specially crafted input to the application, trigger out-of-bounds read error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU47990

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14318

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the way "ChangeNotify" concept for SMB1/2/3 protocols was implemented in Samba. A missing permissions check on a directory handle requesting ChangeNotify means that a client with a directory handle open only for FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change notify replies from the server. These replies contain information that should not be available to directory handles open for FILE_READ_ATTRIBUTE only. A local unprivileged user can abuse this lack of permissions check to obtain information about file changes.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU47057

Risk: Medium

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0427

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a use after free when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Stack-based buffer overflow

EUVDB-ID: #VU26388

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10029

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within "sysdeps/ieee754/ldbl-96/e_rem_pio2l.c" in GNU C Library (aka glibc or libc6). An attacker can pas specially crafted input to the application and trigger a stack-based buffer overflow.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system or denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Integer overflow

EUVDB-ID: #VU29014

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10543

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in nested regular expression quantifiers. A remote attacker can pass specially crafted data to the application, trigger integer overflow, leading to heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Integer overflow

EUVDB-ID: #VU29015

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10878

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A remote attacker can use a specially crafted regular expression, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer overflow

EUVDB-ID: #VU29016

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12723

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) áttack.

The vulnerability exists due to a boundary error within the recursive "S_study_chunk" calls. A remote attacker can use a specially crafted regular expression , trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds write

EUVDB-ID: #VU31806

Risk: Medium

CVSSv3.1: 7.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13765

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in rom_copy() in hw/core/loader.c. A local user on the guest operating system can create a specially data to the application, trigger out-of-bounds write and execute arbitrary code on the host system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU47991

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14323

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing requests in winbind in Samba. A remote user can send specially crafted request to winbind daemon, trigger a NULL pointer dereference error and crash it.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU51545

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25211

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to crash the system.

The vulnerability exists due to a boundary error within the ctnetlink_parse_tuple_filter() function in net/netfilter/nf_conntrack_netlink.c. A local user can inject conntrack netlink configuration, trigger buffer overflow and crash the kernel or force usage of incorrect protocol numbers.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU51544

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14351

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the perf subsystem. A local user with permission to monitor perf events cam corrupt memory and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds write

EUVDB-ID: #VU45985

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-14364

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a boundary error within the USB emulator in QEMU. A remote user with access to guest operating system on the guest operating system can send specially crafted USB packets, trigger out-of-bounds write and execute arbitrary code on the host system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

31) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU45628

Risk: High

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-1472

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Netlogon. A remote non-authenticated attacker can use MS-NRPC to connect to a domain controller to obtain domain administrator access. This vulnerability was dubbed ZeroLogon.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

32) Incorrect permission assignment for critical resource

EUVDB-ID: #VU45745

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15862

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to insecure permissions set by the Net-snmp installed on Debian-based systems. A remote user can overwrite files in net-snmp directory via EXTEND MIB and execute arbitrary code on the system with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Reachable Assertion

EUVDB-ID: #VU44163

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-16092

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing certain network packets on "e1000e" and "vmxnet3" devices in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c. A remote attacker on a guest operating system can send a specially crafted packet that will result in hypervisor crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU48896

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-1971

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via the API functions TS_RESP_verify_response and TS_RESP_verify_token). If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

35) Use-after-free

EUVDB-ID: #VU27389

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-1983

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when processing packets within the ip_reass() function in ip_input.c in libslirp. A remote attacker can send a specially crafted packet to the application, trigger a use-after-free error and crash it.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Juniper Junos Space: before 21.2R1

CPE2.3 External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11206&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###