In Junos Space, nobody can hear you patch
26 Apr 2016 at 03:33, Richard Chirgwin Juniper Networks sysadmins can add Junos Space network management patches to their to-do list.
The gin palace says “any product or platform running Junos Space before 15.2R1” has the privilege escalation vulnerabilities, adding that “Attack vectors include: cross site request forgeries (CSRF), default authentication credentials, information leak and command injection”.
The remotely-exploitable bugs, turned up by the company's internal code review, include six vectors inherited from Oracle's Java SE (CVE-2015-4748, CVE-2015-2601, CVE-2015-2613, CVE-2015-4749, CVE-2015-2625 and CVE-2015-2659). These have been fixed with an upgrade to the Oracle Java runtime, to 1.7.0 update 85.
Full Article