CVE-2019-0016
MEDIUMJuniper Networks Junos Space <18.3R1 - Privilege Escalation
Title source: llmDescription
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10917
Scores
CVSS v3
6.5
EPSS
0.0017
EPSS Percentile
37.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (9)
juniper/junos_space
13.3 r1 (4 CPE variants)
juniper/junos_space
14.1 (4 CPE variants)
juniper/junos_space
15.1 r1 (4 CPE variants)
juniper/junos_space
15.2 (3 CPE variants)
juniper/junos_space
16.1 (4 CPE variants)
juniper/junos_space
17.1 r1
juniper/junos_space
17.2 r1.4
juniper/junos_space
18.1 r1
juniper/junos_space
18.2 r1
Published
Jan 15, 2019
Tracked Since
Feb 18, 2026