Description
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10727
Scores
CVSS v3
9.8
EPSS
0.0100
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
CWE-255
CWE-352
Status
published
Products (2)
juniper/junos_space
< 15.1r2
Juniper Networks/Junos OS
all versions prior to 15.1R2
Published
Oct 13, 2017
Tracked Since
Feb 18, 2026