CVE-2021-0220

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1.

CVSS v3 6.8 MEDIUM
CVSS v2.0 3.5 LOW

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://kb.juniper.net/JSA11110	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:juniper:junos_space:1.0:::::::*
	cpe:2.3:a:juniper:junos_space:1.1:::::::*
	cpe:2.3:a:juniper:junos_space:1.2:::::::*
	cpe:2.3:a:juniper:junos_space:1.3:::::::*
	cpe:2.3:a:juniper:junos_space:1.4:::::::*
	cpe:2.3:a:juniper:junos_space:2.0:::::::*
	cpe:2.3:a:juniper:junos_space:11.1:::::::*
	cpe:2.3:a:juniper:junos_space:11.2:::::::*
	cpe:2.3:a:juniper:junos_space:11.3:::::::*
	cpe:2.3:a:juniper:junos_space:11.4:::::::*
	cpe:2.3:a:juniper:junos_space:12.1:::::::*
	cpe:2.3:a:juniper:junos_space:12.2:::::::*
	cpe:2.3:a:juniper:junos_space:12.3:::::::*
	cpe:2.3:a:juniper:junos_space:13.1:-::::::
	cpe:2.3:a:juniper:junos_space:13.1:r1.8::::::
	cpe:2.3:a:juniper:junos_space:13.3:r3::::::
	cpe:2.3:a:juniper:junos_space:14.1:-::::::
	cpe:2.3:a:juniper:junos_space:15.1:-::::::
	cpe:2.3:a:juniper:junos_space:15.1:r2::::::
	cpe:2.3:a:juniper:junos_space:15.1:r4::::::
	cpe:2.3:a:juniper:junos_space:15.2:-::::::
	cpe:2.3:a:juniper:junos_space:16.1:-::::::
	cpe:2.3:a:juniper:junos_space:17.1:-::::::
	cpe:2.3:a:juniper:junos_space:17.2:-::::::
	cpe:2.3:a:juniper:junos_space:17.2:r1.4::::::
	cpe:2.3:a:juniper:junos_space:18.1:-::::::
	cpe:2.3:a:juniper:junos_space:18.1r1:::::::*
	cpe:2.3:a:juniper:junos_space:18.2:-::::::
	cpe:2.3:a:juniper:junos_space:18.3:-::::::
	cpe:2.3:a:juniper:junos_space:18.4:-::::::
	cpe:2.3:a:juniper:junos_space:19.1:-::::::
	cpe:2.3:o:juniper:junos_space:15.1:r1::::::
	cpe:2.3:o:juniper:junos_space:15.2:r1::::::
	cpe:2.3:o:juniper:junos_space:16.1:::::::*
	cpe:2.3:o:juniper:junos_space:17.2:::::::*
	cpe:2.3:o:juniper:junos_space:18.1:r1::::::
	cpe:2.3:o:juniper:junos_space:18.2:r1::::::
	cpe:2.3:o:juniper:junos_space:18.3:r1::::::
	cpe:2.3:o:juniper:junos_space:18.4:r1::::::
	cpe:2.3:o:juniper:junos_space:19.1:r1::::::
	cpe:2.3:o:juniper:junos_space:19.2:r1::::::
	cpe:2.3:o:juniper:junos_space:19.3:r1::::::
	cpe:2.3:o:juniper:junos_space:19.4:r1::::::
	cpe:2.3:o:juniper:junos_space:20.1:r1::::::

History

No history.

Information

Published : 2021-01-15 18:15

Updated : 2024-02-28 18:08

NVD link : CVE-2021-0220

Mitre link : CVE-2021-0220

CVE.ORG link : CVE-2021-0220

JSON object : View

Products Affected

juniper

junos_space

CWE

CWE-522

Insufficiently Protected Credentials

CWE-257

Storing Passwords in a Recoverable Format

6.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

3.5 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-0220

6.8^/10

3.5^/10

Attach tags to `CVE-2021-0220`