PT-2021-12937 · Juniper Networks · Junos Space Network Management Platform

Published

2021-01-15

Updated

2021-01-26

CVE-2021-0220

CVSS v3.1

6.8

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Junos Space Network Management Platform versions prior to 20.3R1

Description: The issue allows an attacker to obtain a copy of credentials managed by Junos Space if they can execute arbitrary code in the victim's browser or access cached contents. This could be achieved through methods like XSS. A successful attack may result in obtaining access to other servers connected to the Junos Space Management Platform.

Recommendations: For versions prior to 20.3R1, update to version 20.3R1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Junos Space UI and limiting the execution of arbitrary code in the victim's browser to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-257CWE-522

Related Identifiers

CVE-2021-0220

Affected Products

Junos Space Network Management Platform

PT-2021-12937 · Juniper Networks · Junos Space Network Management Platform

CVE-2021-0220

Weakness Enumeration

Related Identifiers

Affected Products

References · 3