CVE-2016-1265
Severity: critical
CVSS v3: 9.8
CVSS v2: 7.5
VIR risk: 9.8
Description
A remote, unauthenticated, network-based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross-site request forgery (CSRF), default authentication credentials, information leak, and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.
Predictions
Exploit likelihood: 97%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: sirt@juniper.net — https://kb.juniper.net/JSA10727
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| juniper | junos_space | up to and including 15.1r2 | |
References
CWEs
CWE-200 CWE-255 CWE-352