CVE-2019-0016

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 18.3R1

Description The issue is related to insufficient access control in the Juniper Networks Junos Space platform. It allows a malicious authenticated user to delete a device from the Junos Space database without the necessary privileges. This can be achieved through crafted Ajax interactions, potentially obtained from another legitimate delete action performed by another administrative user.

Recommendations For Juniper Networks Junos Space versions prior to 18.3R1, update to version 18.3R1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Ajax interactions used for device deletion to minimize the risk of exploitation.