
2016-10 Security Bulletin: Junos Space: Multiple vulnerabilities


Article ID: JSA10760 SECURITY_ADVISORIES Last Updated: 17 Mar 2017Version: 2.0
Product Affected:
These issues can affect any product or platform running Junos Space releases prior to 15.2R2.
Problem:

Multiple vulnerabilities have been resolved in the Junos Space 15.2R2 release.

CVE | CVSS base score | Summary
CVE-2016-4926 | 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) | Insufficient authentication vulnerability in Junos Space may allow remote, network-based users with access to the Junos Space web interface to perform certain administrative tasks without authentication.
CVE-2016-4927 | 9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) | Insufficient validation of SSH keys in Junos Space may allow man-in-the-middle (MITM) attacks while Junos Space is communicating with managed devices.
CVE-2016-4928 | 7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) | Cross-site request forgery vulnerability in Junos Space may allow remote attackers to perform certain administrative actions on Junos Space.
CVE-2016-4929 | 7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) | Command injection vulnerability in Junos Space may allow unprivileged users to execute code as the root user on the device.
CVE-2016-4930 | 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) | Cross-site scripting vulnerability may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.
CVE-2016-4931 | 5.3 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) | XML entity injection vulnerability may allow unprivileged users to cause a denial of service condition.

In addition to the above, a vulnerability in Apache Commons Collections that can potentially allow remote code execution during object deserialization is fixed by upgrading Apache Commons Collections to 3.2.2. This vulnerability is not exposed and is not exploitable on Junos Space; however, the underlying library is upgraded to remove any residual risk.

Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities.

Many of these issues were found during internal product testing.

Solution:
These issues have been resolved in Junos Space 15.2R2 and all subsequent releases.

These issues are being tracked as 954495, 975358, 975426, 975445, 975447, 975457, 975466, 975472, 975473, 975474, 975491, 975502, 975506, 975509, 975510, 975516, 975518, 975530, 975534, 983931, 983945, 983960, 983964, 1049736, 1049737, 1105605, 1138099, 1164153, 1165549 and are visible on the Customer Support website.
Workaround:

  • Limit access to Junos Space from only trusted networks.
  • Use administrative jump boxes with no internet access and employ anti-scripting techniques.
  • In addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device's administrative interfaces to trusted administrative networks or hosts only.
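The following Junos configuration fragment is an added illustration of the workaround above and is not part of the original advisory. It is applied on a Junos router or firewall that sits in front of the Junos Space server and permits SSH and HTTPS to the Space management address only from an administrative prefix list, counting and logging everything else that targets those ports before discarding it. The Space address (192.0.2.10), the administrative network (198.51.100.0/24), the interface (ge-0/0/1) and all filter and prefix-list names are assumptions chosen for the example.

```junos
/* Added example: restrict management access to a Junos Space server.
   All addresses, interface and names below are assumed, not from the advisory. */
policy-options {
    prefix-list admin-networks {
        /* Trusted administrative hosts / jump-box subnet (assumed) */
        198.51.100.0/24;
    }
}
firewall {
    family inet {
        filter protect-junos-space {
            /* Administrative hosts may reach the Space web UI (HTTPS) and CLI (SSH). */
            term allow-admin-hosts {
                from {
                    source-prefix-list {
                        admin-networks;
                    }
                    destination-address {
                        192.0.2.10/32;     /* Junos Space management address (assumed) */
                    }
                    protocol tcp;
                    destination-port [ ssh https ];
                }
                then accept;
            }
            /* Anyone else hitting the Space management ports is counted, logged and dropped. */
            term drop-other-mgmt {
                from {
                    destination-address {
                        192.0.2.10/32;
                    }
                    protocol tcp;
                    destination-port [ ssh https ];
                }
                then {
                    count dropped-space-mgmt;
                    log;
                    discard;
                }
            }
            /* Traffic that is not aimed at the Space management ports is unaffected. */
            term allow-everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    ge-0/0/1 {
        unit 0 {
            family inet {
                filter {
                    /* Outbound toward the segment that hosts the Space server (assumed topology). */
                    output protect-junos-space;
                }
            }
        }
    }
}
```

Two caveats apply. The filter only restricts who can open connections to the Space server; Space itself must still be able to reach its managed devices, and any device-initiated connections to Space must be permitted separately, so check the counter (`show firewall filter protect-junos-space`) after deployment for unexpected drops. It also does nothing against the CSRF and XSS issues (CVE-2016-4928, CVE-2016-4930), which execute in the browser of an administrator who is already allowed through the filter; that is why the advisory also recommends jump boxes without internet access and anti-scripting controls.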

Implementation:
How to obtain fixed software:
Junos Space Maintenance Releases are available at http://support.juniper.net from the "Download Software" links. If a Maintenance Release is not adequate and access to Junos Space patches is needed, open a customer support case. A JTAC engineer will review your request and respond, ensuring that you will be provided with the most appropriate Patch Release for your specific situation.

Modification History:

2016-10-12: Initial publication

CVSS Score:
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Severity Level:
Critical
