Vulnerability Details : CVE-2013-5097
Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462.
Exploit prediction scoring system (EPSS) score for CVE-2013-5097
Probability of exploitation activity in the next 30 days: 0.12%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 46 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-5097
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2013-5097
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5097
-
http://kb.juniper.net/JSA10585
Juniper Networks - 2013-08 Security Bulletin: Junos Space: Multiple VulnerabilitiesPatch
-
http://www.securitytracker.com/id/1028923
Juniper Junos Space Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Remote Authenticated Users Modify the Configuration and Obtain Authentication Information - SecurityTracker
Products affected by CVE-2013-5097
- cpe:2.3:a:juniper:junos_space:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:junos_space:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:junos_space:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:junos_space:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:junos_space:11.4:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:junos_space:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:junos_space:12.3:*:*:*:*:*:*:*
- cpe:2.3:h:juniper:junos_space_ja1500_appliance:-:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:junos_space_virtual_appliance:-:*:*:*:*:*:*:*