CVE-2018-0012 - Vulnerability Details - OpenCVE

Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Junos Space

Configuration 1 [-]

cpe:2.3:o:juniper:junos_space:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2018-0837	Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.

Fixes

Solution

The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases.

Workaround

Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.

References

Link	Providers
http://www.securitytracker.com/id/1040189
https://kb.juniper.net/JSA10838

History

No history.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2018-01-10T22:00:00Z

Updated: 2024-09-16T19:56:44.250Z

Reserved: 2017-11-16T00:00:00

Link: CVE-2018-0012

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-01-10T22:29:01.367

Modified: 2024-11-21T03:37:21.340

Link: CVE-2018-0012

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Junos Space", "vendor": "Juniper Networks", "versions": [{"lessThan": "17.2R1", "status": "affected", "version": "All", "versionType": "custom"}]}], "datePublic": "2018-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-16T10:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA10838"}, {"name": "1040189", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040189"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases."}], "source": {"advisory": "JSA10838", "defect": ["1296620"], "discovery": "INTERNAL"}, "title": "Junos Space: Local privilege escalation vulnerability in Junos Space", "workarounds": [{"lang": "en", "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2018-01-10T17:00:00.000Z", "ID": "CVE-2018-0012", "STATE": "PUBLIC", "TITLE": "Junos Space: Local privilege escalation vulnerability in Junos Space"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos Space", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "All", "version_value": "17.2R1"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA10838", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10838"}, {"name": "1040189", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040189"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases."}], "source": {"advisory": "JSA10838", "defect": ["1296620"], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:15.913Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA10838"}, {"name": "1040189", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040189"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2018-0012", "datePublished": "2018-01-10T22:00:00Z", "dateReserved": "2017-11-16T00:00:00", "dateUpdated": "2024-09-16T19:56:44.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_space:*:*:*:*:*:*:*:*", "matchCriteriaId": "600DCE5E-D5EC-49D9-969C-DC48F0110AF1", "versionEndIncluding": "17.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."}, {"lang": "es", "value": "Junos Space se ve afectado por una vulnerabilidad de escalado de privilegios que podr\u00eda permitir que un atacante local autenticado obtenga privilegios root."}], "id": "CVE-2018-0012", "lastModified": "2024-11-21T03:37:21.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-10T22:29:01.367", "references": [{"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040189"}, {"source": "sirt@juniper.net", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA10838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA10838"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}