Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804.
References
Link | Resource |
---|---|
http://kb.juniper.net/JSA10585 | Vendor Advisory |
http://www.securityfocus.com/bid/61794 | |
http://www.securitytracker.com/id/1028923 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2013-08-16 07:01
Updated : 2013-09-11 20:37
NVD link : CVE-2013-5096
Mitre link : CVE-2013-5096
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
juniper
- junos_space_ja1500_appliance
- junos_space_virtual_appliance
- junos_space