Description
The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10917
Scores
CVSS v3
6.5
EPSS
0.0023
EPSS Percentile
45.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-434
Status
published
Products (9)
juniper/junos_space
13.3 r1 (4 CPE variants)
juniper/junos_space
14.1 (4 CPE variants)
juniper/junos_space
15.1 r1 (4 CPE variants)
juniper/junos_space
15.2 (3 CPE variants)
juniper/junos_space
16.1 (4 CPE variants)
juniper/junos_space
17.1 r1
juniper/junos_space
17.2 r1.4
juniper/junos_space
18.1 r1
juniper/junos_space
18.2 r1
Published
Jan 15, 2019
Tracked Since
Feb 18, 2026