Unrated severityNVD Advisory· Published Jan 15, 2019· Updated Sep 16, 2024
Junos Space: Authenticated user able to delete devices without delete device privileges
CVE-2019-0016
Description
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1.
Affected products
2<18.3R1+ 1 more
- (no CPE)range: <18.3R1
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- kb.juniper.net/JSA10917mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.