OpenCVE

Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Junos Space Junos Space Ja1500 Appliance Junos Space Virtual Appliance

Configuration 1 [-]

AND

OR	cpe:2.3:a:juniper:junos_space::::::::
	cpe:2.3:a:juniper:junos_space:1.0:::::::*
	cpe:2.3:a:juniper:junos_space:1.1:::::::*
	cpe:2.3:a:juniper:junos_space:1.2:::::::*
	cpe:2.3:a:juniper:junos_space:1.3:::::::*
	cpe:2.3:a:juniper:junos_space:1.4:::::::*
	cpe:2.3:a:juniper:junos_space:2.0:::::::*
	cpe:2.3:a:juniper:junos_space:11.1:::::::*
	cpe:2.3:a:juniper:junos_space:11.2:::::::*
	cpe:2.3:a:juniper:junos_space:11.3:::::::*
	cpe:2.3:a:juniper:junos_space:11.4:::::::*
	cpe:2.3:a:juniper:junos_space:12.1:::::::*
	cpe:2.3:a:juniper:junos_space:12.2:::::::*

OR	cpe:2.3:a:juniper:junos_space_virtual_appliance:-:::::::*
	cpe:2.3:h:juniper:junos_space_ja1500_appliance:-:::::::*

No data.

References

Link	Providers
http://osvdb.org/93112
http://www.securityfocus.com/bid/59760
https://exchange.xforce.ibmcloud.com/vulnerabilities/84109
https://kb.juniper.net/KB27374

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-05-08T23:00:00

Updated: 2024-08-06T16:14:54.655Z

Reserved: 2013-05-07T00:00:00

Link: CVE-2013-3497

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-05-08T23:55:01.083

Modified: 2017-08-29T01:33:24.340

Link: CVE-2013-3497

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-08T00:00:00", "descriptions": [{"lang": "en", "value": "Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "59760", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/59760"}, {"name": "93112", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/93112"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/KB27374"}, {"name": "juniper-cve20133497-info-disc(84109)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84109"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3497", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "59760", "refsource": "BID", "url": "http://www.securityfocus.com/bid/59760"}, {"name": "93112", "refsource": "OSVDB", "url": "http://osvdb.org/93112"}, {"name": "https://kb.juniper.net/KB27374", "refsource": "CONFIRM", "url": "https://kb.juniper.net/KB27374"}, {"name": "juniper-cve20133497-info-disc(84109)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84109"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:14:54.655Z"}, "title": "CVE Program Container", "references": [{"name": "59760", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/59760"}, {"name": "93112", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/93112"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/KB27374"}, {"name": "juniper-cve20133497-info-disc(84109)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84109"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3497", "datePublished": "2013-05-08T23:00:00", "dateReserved": "2013-05-07T00:00:00", "dateUpdated": "2024-08-06T16:14:54.655Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB928408-42EF-4B91-BC4C-AE1507235B2B", "versionEndIncluding": "12.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "289CAAE5-882C-4236-BF76-B20F8A7F3014", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA36F3E8-0F58-4635-843C-B3C62FD48682", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CEA96869-72CF-49D2-94E1-4FF8102A29CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "21DA6F2F-72F5-4D3A-AB4C-2C5D56C615FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6CF9AF7-A335-4C05-9F45-08253A521D40", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "87F7E9A7-CA85-4F4D-8F0C-DF0C79A80B93", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "61A323AE-7C8D-49F3-BB47-15DEBAFC86BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "EAEC058B-C096-455B-9A75-5191E00A367D", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "A6E79208-AF42-48D9-990C-E2E2E1DE8E1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA5E2C05-12C0-48B6-BE84-0A045B2A2B91", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "167749D0-F3B8-48F3-BFC8-37A531E48C16", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:junos_space:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4C754E5-ACBB-45DE-B983-0888A8EB7CD3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:junos_space_virtual_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "6AE8EA74-6BD3-461C-9D08-EF1024EC0E5A", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:junos_space_ja1500_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "C58939FC-742F-4A93-8977-6953B32E6817", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen."}, {"lang": "es", "value": "Juniper Junos Space antes de v12.3P2.8, tal como se utiliza en el JA1500 y en otros contextos, incluye una contrase\u00f1a de texto en una pesta\u00f1a de configuraci\u00f3n, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes f\u00edsicamente pr\u00f3ximos a obtener la contrase\u00f1a mediante la lectura de la pantalla de estaci\u00f3n de trabajo."}], "id": "CVE-2013-3497", "lastModified": "2017-08-29T01:33:24.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-05-08T23:55:01.083", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/93112"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/59760"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84109"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/KB27374"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}