CVE-2020-1611

MEDIUM

Juniper Networks Junos Space <19.4R1 - Local File Inclusion

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-1611. PoCs published by Ibonok.

AI-analyzed exploit summary This PoC demonstrates a local file inclusion vulnerability in Juniper Junos Space prior to 19.4R1. The exploit leverages the 'Download Report' function by manipulating the 'FileUrl' and 'Format' parameters to retrieve arbitrary files from the system.

Description

A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1.

Exploits (1)

nomisec WORKING POC 29 stars
by Ibonok · poc
https://github.com/Ibonok/CVE-2020-1611

This PoC demonstrates a local file inclusion vulnerability in Juniper Junos Space prior to 19.4R1. The exploit leverages the 'Download Report' function by manipulating the 'FileUrl' and 'Format' parameters to retrieve arbitrary files from the system.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Juniper Junos Space prior to 19.4R1
Auth required
Prerequisites: Valid user credentials · Access to the 'Download Report' function
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://kb.juniper.net/JSA10993

Scores

CVSS v3 6.5
EPSS 0.0167
EPSS Percentile 73.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (9)
juniper/junos_space 17.1 r1
juniper/junos_space 17.2 r1
juniper/junos_space 18.1 r1
juniper/junos_space 18.2 r1
juniper/junos_space 18.3 r1
juniper/junos_space 18.4 r1
juniper/junos_space 19.1 r1
juniper/junos_space 19.2 r1
juniper/junos_space 19.3 r1
Published Jan 15, 2020
Tracked Since Feb 18, 2026