Vulnerability-Lookup

CVE-2017-10602 (GCVE-0-2017-10602)

Vulnerability from cvelistv5 – Published: 2017-07-14 14:00 – Updated: 2024-09-17 02:11

Title

Junos OS: buffer overflow vulnerability in Junos CLI

Summary

Severity ?

7 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

buffer overflow in Junos CLI

Assigner

juniper

References

URL

Tags

	http://www.securitytracker.com/id/1038900	vdb-entryx_refsource_SECTRACK
	https://kb.juniper.net/JSA10803	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/100323	vdb-entryx_refsource_BID

Impacted products

Vendor

Product

Version

Juniper Networks

Junos OS

Affected: 14.1X53 , < 14.1X53-D46 (custom)

Juniper Networks	Junos OS	Affected: 14.2 , < 14.2R4-S9, 14.2R6 (custom) Affected: 15.1 , < 15.1F5, 15.1R3 (custom)
Juniper Networks	Junos OS	Affected: 15.1X49 , < 15.1X49-D40 (custom)
Juniper Networks	Junos OS	Affected: 15.1X53 , < 15.1X53-D47 (custom)
Juniper Networks	Junos OS	Affected: 15.1X53 , < 15.1X53-D65 (custom)
Juniper Networks	Junos OS	Affected: 14.1X53 , < 14.1X53-D130 (custom)
Juniper Networks	Junos OS	Affected: 15.1X53 , < 15.1X53-D233 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038900",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038900"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10803"
          },
          {
            "name": "100323",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100323"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "14.1X53-D46",
              "status": "affected",
              "version": "14.1X53",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "14.2R4-S9, 14.2R6",
              "status": "affected",
              "version": "14.2",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1F5, 15.1R3",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1X49-D40",
              "status": "affected",
              "version": "15.1X49",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "NFX150, NFX250"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1X53-D47",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "QFX10000 Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1X53-D65",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "QFabric System"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "14.1X53-D130",
              "status": "affected",
              "version": "14.1X53",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "QFX5110, QFX5200"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1X53-D233",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-07-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "This issue was found during internal product security testing.  Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "buffer overflow in Junos CLI",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T17:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "name": "1038900",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038900"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10803"
        },
        {
          "name": "100323",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100323"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D46, 14.1X53-D130*, 14.2R4-S9, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D47, 15.1X53-D65, 15.1X53-D233 16.1R1, and all subsequent releases.\n\n*Pending Publication\nThis issue is being tracked as PR 1149652 and is visible on the Customer Support website."
        }
      ],
      "source": {
        "advisory": "JSA10803",
        "defect": [
          "1149652"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: buffer overflow vulnerability in Junos CLI",
      "workarounds": [
        {
          "lang": "en",
          "value": "Use access lists or firewall filters to limit access to the router\u0027s CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2017-07-12T15:00:00.000Z",
          "ID": "CVE-2017-10602",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: buffer overflow vulnerability in Junos CLI"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;",
                            "version_affected": "\u003c",
                            "version_name": "14.1X53",
                            "version_value": "14.1X53-D46"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "14.2",
                            "version_value": "14.2R4-S9, 14.2R6"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1F5, 15.1R3"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "15.1X49",
                            "version_value": "15.1X49-D40"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "NFX150, NFX250",
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D47"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX10000 Series",
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D65"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFabric System",
                            "version_affected": "\u003c",
                            "version_name": "14.1X53",
                            "version_value": "14.1X53-D130"
                          },
                          {
                            "affected": "\u003c",
                            "platform": "QFX5110, QFX5200",
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D233"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "This issue was found during internal product security testing.  Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "buffer overflow in Junos CLI"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038900",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038900"
            },
            {
              "name": "https://kb.juniper.net/JSA10803",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10803"
            },
            {
              "name": "100323",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100323"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D46, 14.1X53-D130*, 14.2R4-S9, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D47, 15.1X53-D65, 15.1X53-D233 16.1R1, and all subsequent releases.\n\n*Pending Publication\nThis issue is being tracked as PR 1149652 and is visible on the Customer Support website."
          }
        ],
        "source": {
          "advisory": "JSA10803",
          "defect": [
            "1149652"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Use access lists or firewall filters to limit access to the router\u0027s CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-10602",
    "datePublished": "2017-07-14T14:00:00Z",
    "dateReserved": "2017-06-28T00:00:00",
    "dateUpdated": "2024-09-17T02:11:29.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-10602\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2017-07-17T13:18:18.657\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de desbordamiento de b\u00fafer en la CLI de Junos OS puede permitir que un usuario autenticado local con privilegios de solo lectura y acceso a la CLI de Junos ejecute c\u00f3digo con privilegios root. Las versiones afectadas son Juniper Networks Junos OS: versi\u00f3n 14.1X53 y versiones anteriores a 14.1X53-D46 en EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; Versiones 14.1X53 anteriores a 14.1X53-D130 en QFabric System; versi\u00f3n 14.2 y versiones anteriores a 14.2R4-S9, 14.2R6; versi\u00f3n 15.1 y versiones anteriores a 15.1F5, 15.1R3; versi\u00f3n 15.1X49 anteriores a 15.1X49-D40 en la serie SRX; versi\u00f3n 15.1X53 anteriores a 15.1X53-D47 en NFX150, NFX250; versi\u00f3n 15.1X53 anteriores a 15.1X53-D65 en la serie QFX10000; versi\u00f3n 15.1X53 anteriores a 15.1X53-D233 en QFX5110, QFX5200.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7FCCC1-B151-465A-8327-26DB5DC074F0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D59449C6-5BD5-4C07-AEF6-EEBC70D9C4C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"79149AA0-17D1-4522-894F-C025F7A30FD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"30726286-7CB1-4E5D-AE44-2B4D84795900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"33BE028F-2961-414A-9D42-C4861566C2DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.2:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E85AB30C-03FC-44DB-A8AA-B916A905CA66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.2:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D01CA25F-E1E1-4831-8561-D3B0300BF4A7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD0952C4-FFCC-4A78-ADFC-289BD6E269DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:a1:*:*:*:*:*:*\",\"matchCriteriaId\":\"83AB8877-3DC0-4B8C-B864-1BF18C368337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C56F5C48-BA48-4EE1-88BE-782B3CFB3B90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C56E6C3-BBB6-4853-91D9-99C7676D0CD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC196685-3B0C-4754-AE6A-6BE456CC6B52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0146AA9-C513-4871-A62A-52C9F40EB958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A18672EF-E33D-4ACE-BB0A-561812F502C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF0E75F-831E-40B8-926D-B2E92A84E31B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E0ECBD8-3D66-49DA-A557-5695159F0C06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EAA2998-A0D6-4818-9E7C-25E8099403E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*\",\"matchCriteriaId\":\"71D211B9-B2FE-4324-AAEE-8825D5238E48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7620D01-1A6B-490F-857E-0D803E0AEE56\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20DABA6A-FA7A-4289-8C6A-2B93689A5440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x49-d10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8278F453-2364-43DE-A1A7-7538291970FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x49-d20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C3F89F2-5CAC-4016-AC55-2B43909F3E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x49-d30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29805EC7-F643-40B7-B34F-3926151B0DFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x49-d35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04595957-476D-4021-9CFA-CA51BA294E56\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E87C765-8D68-404A-AC71-3F22A7260E8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E3B807C-196D-42B8-9042-7582A1366772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*\",\"matchCriteriaId\":\"83FEEE8F-9279-46F2-BAF9-A60537020C61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F294E43-73FA-4EF3-90F2-EE29C56D6573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDDE1048-BFEA-4A3E-8270-27C538A68837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC517CD0-FF35-498F-AD33-683B43CA3829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*\",\"matchCriteriaId\":\"53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d40:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B5ED13-F998-447C-8FEA-047FE9FE2F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d45:*:*:*:*:*:*\",\"matchCriteriaId\":\"65F3CD2A-D5E1-4EFF-9013-6D81B396F765\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d70:*:*:*:*:*:*\",\"matchCriteriaId\":\"88BAA95F-7CA2-46A0-8F60-588941AF3E44\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100323\",\"source\":\"sirt@juniper.net\"},{\"url\":\"http://www.securitytracker.com/id/1038900\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.juniper.net/JSA10803\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1038900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.juniper.net/JSA10803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-328

Vulnerability from certfr_avis - Published: 2018-07-10 - Updated: 2018-07-10

Une vulnérabilité a été découverte dans Juniper Junos OS CLI. Elle permet à un attaquant de provoquer une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Juniper Networks Junos OS15.1X53 versions antérieures à 15.1X53-D47 sur NFX150 et NFX250
Juniper Networks	Junos OS	Juniper Networks Junos OS 14.1X53 versions antérieures à 14.1X53-D46 sur EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600 et QFX5100
Juniper Networks	Junos OS	Juniper Networks Junos OS14.1X53 versions antérieures à 14.1X53-D130 sur QFabric System
Juniper Networks	Junos OS	Juniper Networks Junos OS15.1 versions antérieures à 15.1F5, 15.1R3
Juniper Networks	Junos OS	Juniper Networks Junos OS14.2 versions antérieures à 14.2R4-S9, 14.2R6
Juniper Networks	Junos OS	Juniper Networks Junos OS15.1X49 versions antérieures à 15.1X49-D40 sur SRX Series
Juniper Networks	Junos OS	Juniper Networks Junos OS15.1X53 versions antérieures à 15.1X53-D65 sur QFX10000 Series
Juniper Networks	Junos OS	Juniper Networks Junos OS15.1X53 versions antérieures à 15.1X53-D233 sur QFX5110 et QFX5200

References

Title

Publication Time

GSD-2017-10602

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-10602

Aliases

CVE-2017-10602

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-10602",
    "description": "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200.",
    "id": "GSD-2017-10602"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-10602"
      ],
      "details": "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200.",
      "id": "GSD-2017-10602",
      "modified": "2023-12-13T01:21:15.015517Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "DATE_PUBLIC": "2017-07-12T15:00:00.000Z",
        "ID": "CVE-2017-10602",
        "STATE": "PUBLIC",
        "TITLE": "Junos OS: buffer overflow vulnerability in Junos CLI"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Junos OS",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;",
                          "version_name": "14.1X53",
                          "version_value": "14.1X53-D46"
                        },
                        {
                          "affected": "\u003c",
                          "version_name": "14.2",
                          "version_value": "14.2R4-S9, 14.2R6"
                        },
                        {
                          "affected": "\u003c",
                          "version_name": "15.1",
                          "version_value": "15.1F5, 15.1R3"
                        },
                        {
                          "affected": "\u003c",
                          "platform": "SRX Series",
                          "version_name": "15.1X49",
                          "version_value": "15.1X49-D40"
                        },
                        {
                          "affected": "\u003c",
                          "platform": "NFX150, NFX250",
                          "version_name": "15.1X53",
                          "version_value": "15.1X53-D47"
                        },
                        {
                          "affected": "\u003c",
                          "platform": "QFX10000 Series",
                          "version_name": "15.1X53",
                          "version_value": "15.1X53-D65"
                        },
                        {
                          "affected": "\u003c",
                          "platform": "QFabric System",
                          "version_name": "14.1X53",
                          "version_value": "14.1X53-D130"
                        },
                        {
                          "affected": "\u003c",
                          "platform": "QFX5110, QFX5200",
                          "version_name": "15.1X53",
                          "version_value": "15.1X53-D233"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Juniper Networks"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "This issue was found during internal product security testing.  Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "buffer overflow in Junos CLI"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038900",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038900"
          },
          {
            "name": "https://kb.juniper.net/JSA10803",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/JSA10803"
          },
          {
            "name": "100323",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100323"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D46, 14.1X53-D130*, 14.2R4-S9, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D47, 15.1X53-D65, 15.1X53-D233 16.1R1, and all subsequent releases.\n\n*Pending Publication\nThis issue is being tracked as PR 1149652 and is visible on the Customer Support website."
        }
      ],
      "source": {
        "advisory": "JSA10803",
        "defect": [
          "1149652"
        ],
        "discovery": "INTERNAL"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "Use access lists or firewall filters to limit access to the router\u0027s CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:14.2:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:14.2:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:14.2:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:14.2:r4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:14.2:r5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:a1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x49-d10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x49-d35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x49-d30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x49-d20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d40:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d45:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d70:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-10602"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10803",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/JSA10803"
            },
            {
              "name": "1038900",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038900"
            },
            {
              "name": "100323",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/100323"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-07-12T01:29Z",
      "publishedDate": "2017-07-17T13:18Z"
    }
  }
}

CNVD-2017-21782

Vulnerability from cnvd - Published: 2017-08-18

Title

Juniper Junos管理员权限获取漏洞（CNVD-2017-21782）

Description

Juniper Junos是一套专用于该公司的硬件系统的网络操作系统。 Juniper Junos命令行窗口存在管理员权限获取漏洞，允许本地攻击者利用该漏洞获取管理员权限。

Severity

高

Patch Name

Juniper Junos管理员权限获取漏洞（CNVD-2017-21782）的补丁

Patch Description

Juniper Junos是一套专用于该公司的硬件系统的网络操作系统。 Juniper Junos命令行窗口存在管理员权限获取漏洞，允许本地攻击者利用该漏洞获取管理员权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10803

Reference

http://securitytracker.com/id/1038900

Impacted products

Name
['Juniper Networks Junos OS 15.1X53，<15.1X53-D47', 'Juniper Networks Junos OS 15.1，<15.1R3', 'Juniper Networks Junos OS 14.1X53', 'Juniper Networks Junos OS 14.2，<14.2R6', 'Juniper Networks Junos OS 15.1，<15.1F5', 'Juniper Networks Junos OS 15.1F6', 'Juniper Networks Junos OS 15.1R3', 'Juniper Networks Junos OS 15.1X49，<15.1X49-D40', 'Juniper Networks Junos OS 15.1X53-D70']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-10602",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10602"
    }
  },
  "description": "Juniper Junos\u662f\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u7cfb\u7edf\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nJuniper Junos\u547d\u4ee4\u884c\u7a97\u53e3\u5b58\u5728\u7ba1\u7406\u5458\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u5458\u6743\u9650\u3002",
  "discovererName": "Juniper Networks",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10803",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-21782",
  "openTime": "2017-08-18",
  "patchDescription": "Juniper Junos\u662f\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u7cfb\u7edf\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nJuniper Junos\u547d\u4ee4\u884c\u7a97\u53e3\u5b58\u5728\u7ba1\u7406\u5458\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u5458\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Junos\u7ba1\u7406\u5458\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\uff08CNVD-2017-21782\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks Junos OS 15.1X53\uff0c\u003c15.1X53-D47",
      "Juniper Networks Junos OS 15.1\uff0c\u003c15.1R3",
      "Juniper Networks Junos OS 14.1X53",
      "Juniper Networks Junos OS 14.2\uff0c\u003c14.2R6",
      "Juniper Networks Junos OS 15.1\uff0c\u003c15.1F5",
      "Juniper Networks Junos OS 15.1F6",
      "Juniper Networks Junos OS  15.1R3",
      "Juniper Networks Junos OS 15.1X49\uff0c\u003c15.1X49-D40",
      "Juniper Networks Junos OS 15.1X53-D70"
    ]
  },
  "referenceLink": "http://securitytracker.com/id/1038900",
  "serverity": "\u9ad8",
  "submitTime": "2017-07-14",
  "title": "Juniper Junos\u7ba1\u7406\u5458\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\uff08CNVD-2017-21782\uff09"
}

GHSA-V8X4-RV99-R6C5

Vulnerability from github – Published: 2022-05-14 03:14 – Updated: 2022-05-14 03:14

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-10602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-17T13:18:00Z",
    "severity": "HIGH"
  },
  "details": "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200.",
  "id": "GHSA-v8x4-rv99-r6c5",
  "modified": "2022-05-14T03:14:44Z",
  "published": "2022-05-14T03:14:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10602"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10803"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100323"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038900"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201707-0241

Vulnerability from variot - Updated: 2025-04-20 23:27

A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200. Juniper Junos is prone to a local buffer-overflow vulnerability. Failed exploits may result in denial-of-service conditions. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following releases are affected: Juniper Junos OS Release 14.1X53, Release 14.2, Release 15.1, Release 15.1X49, Release 15.1X53

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0241",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "15.1x53"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "juniper",
        "version": "14.1x53"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "15.1x49-d20"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "15.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "15.1x49-d10"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "15.1x49-d35"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "15.1x49"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "15.1x49-d30"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "14.2"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "15.1x53"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "15.1f5"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "15.1x53-d47"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "14.1x53"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "14.2"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "15.1"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "14.2r6"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "15.1f6"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "15.1x49-d40"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "15.1x53-d70"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "15.1x49"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "15.1r3"
      },
      {
        "model": "junos 15.1x53-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x53-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x53-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x53-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x49-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x49-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d45",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d44",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d42",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d28",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d18",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d16",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d122",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 16.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x53-d70",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x53-d47",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x49-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "100323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10602"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:juniper:junos",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "100323"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-10602",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-10602",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-100941",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-10602",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "sirt@juniper.net",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2017-10602",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-10602",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "sirt@juniper.net",
            "id": "CVE-2017-10602",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-10602",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-617",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-100941",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100941"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10602"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10602"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200. Juniper Junos is prone to a local buffer-overflow vulnerability. Failed exploits  may result in denial-of-service conditions. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company\u0027s hardware systems. The operating system provides a secure programming interface and Junos SDK. The following releases are affected: Juniper Junos OS Release 14.1X53, Release 14.2, Release 15.1, Release 15.1X49, Release 15.1X53",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-10602"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      },
      {
        "db": "BID",
        "id": "100323"
      },
      {
        "db": "VULHUB",
        "id": "VHN-100941"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-10602",
        "trust": 2.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10803",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1038900",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "100323",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-617",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-100941",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100941"
      },
      {
        "db": "BID",
        "id": "100323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10602"
      }
    ]
  },
  "id": "VAR-201707-0241",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100941"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:27:23.113000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10803",
        "trust": 0.8,
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10803\u0026actp=METADATA"
      },
      {
        "title": "Juniper Junos OS Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71735"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-617"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100941"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10602"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/100323"
      },
      {
        "trust": 1.1,
        "url": "https://kb.juniper.net/jsa10803"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038900"
      },
      {
        "trust": 0.9,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10803"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10602"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10602"
      },
      {
        "trust": 0.6,
        "url": "http://securitytracker.com/id/1038900"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/us/en/products-services/nos/junos/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100941"
      },
      {
        "db": "BID",
        "id": "100323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10602"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-100941"
      },
      {
        "db": "BID",
        "id": "100323"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10602"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-100941"
      },
      {
        "date": "2017-08-15T00:00:00",
        "db": "BID",
        "id": "100323"
      },
      {
        "date": "2017-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      },
      {
        "date": "2017-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-617"
      },
      {
        "date": "2017-07-17T13:18:18.657000",
        "db": "NVD",
        "id": "CVE-2017-10602"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-100941"
      },
      {
        "date": "2017-08-15T00:00:00",
        "db": "BID",
        "id": "100323"
      },
      {
        "date": "2017-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      },
      {
        "date": "2017-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-617"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-10602"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "100323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-617"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Junos OS Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005938"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-617"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-10602

Vulnerability from fkie_nvd - Published: 2017-07-17 13:18 - Updated: 2025-04-20 01:37

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
sirt@juniper.net	http://www.securityfocus.com/bid/100323
sirt@juniper.net	http://www.securitytracker.com/id/1038900	Third Party Advisory, VDB Entry
sirt@juniper.net	https://kb.juniper.net/JSA10803	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100323
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038900	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/JSA10803	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	junos	14.1x53
juniper	junos	14.2
juniper	junos	14.2
juniper	junos	14.2
juniper	junos	14.2
juniper	junos	14.2
juniper	junos	14.2
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1x49
juniper	junos	15.1x49-d10
juniper	junos	15.1x49-d20
juniper	junos	15.1x49-d30
juniper	junos	15.1x49-d35
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7FCCC1-B151-465A-8327-26DB5DC074F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59449C6-5BD5-4C07-AEF6-EEBC70D9C4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "79149AA0-17D1-4522-894F-C025F7A30FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "30726286-7CB1-4E5D-AE44-2B4D84795900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.2:r3:*:*:*:*:*:*",
              "matchCriteriaId": "33BE028F-2961-414A-9D42-C4861566C2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.2:r4:*:*:*:*:*:*",
              "matchCriteriaId": "E85AB30C-03FC-44DB-A8AA-B916A905CA66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.2:r5:*:*:*:*:*:*",
              "matchCriteriaId": "D01CA25F-E1E1-4831-8561-D3B0300BF4A7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0952C4-FFCC-4A78-ADFC-289BD6E269DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:a1:*:*:*:*:*:*",
              "matchCriteriaId": "83AB8877-3DC0-4B8C-B864-1BF18C368337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*",
              "matchCriteriaId": "C56F5C48-BA48-4EE1-88BE-782B3CFB3B90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*",
              "matchCriteriaId": "1C56E6C3-BBB6-4853-91D9-99C7676D0CD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "AC196685-3B0C-4754-AE6A-6BE456CC6B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "F0146AA9-C513-4871-A62A-52C9F40EB958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "A18672EF-E33D-4ACE-BB0A-561812F502C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "CEF0E75F-831E-40B8-926D-B2E92A84E31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*",
              "matchCriteriaId": "0E0ECBD8-3D66-49DA-A557-5695159F0C06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*",
              "matchCriteriaId": "0EAA2998-A0D6-4818-9E7C-25E8099403E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*",
              "matchCriteriaId": "71D211B9-B2FE-4324-AAEE-8825D5238E48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "C7620D01-1A6B-490F-857E-0D803E0AEE56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DABA6A-FA7A-4289-8C6A-2B93689A5440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49-d10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8278F453-2364-43DE-A1A7-7538291970FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49-d20:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3F89F2-5CAC-4016-AC55-2B43909F3E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49-d30:*:*:*:*:*:*:*",
              "matchCriteriaId": "29805EC7-F643-40B7-B34F-3926151B0DFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49-d35:*:*:*:*:*:*:*",
              "matchCriteriaId": "04595957-476D-4021-9CFA-CA51BA294E56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d10:*:*:*:*:*:*",
              "matchCriteriaId": "6E87C765-8D68-404A-AC71-3F22A7260E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*",
              "matchCriteriaId": "1E3B807C-196D-42B8-9042-7582A1366772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*",
              "matchCriteriaId": "83FEEE8F-9279-46F2-BAF9-A60537020C61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*",
              "matchCriteriaId": "1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*",
              "matchCriteriaId": "1F294E43-73FA-4EF3-90F2-EE29C56D6573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*",
              "matchCriteriaId": "EDDE1048-BFEA-4A3E-8270-27C538A68837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*",
              "matchCriteriaId": "CC517CD0-FF35-498F-AD33-683B43CA3829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*",
              "matchCriteriaId": "53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d40:*:*:*:*:*:*",
              "matchCriteriaId": "C2B5ED13-F998-447C-8FEA-047FE9FE2F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d45:*:*:*:*:*:*",
              "matchCriteriaId": "65F3CD2A-D5E1-4EFF-9013-6D81B396F765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d70:*:*:*:*:*:*",
              "matchCriteriaId": "88BAA95F-7CA2-46A0-8F60-588941AF3E44",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la CLI de Junos OS puede permitir que un usuario autenticado local con privilegios de solo lectura y acceso a la CLI de Junos ejecute c\u00f3digo con privilegios root. Las versiones afectadas son Juniper Networks Junos OS: versi\u00f3n 14.1X53 y versiones anteriores a 14.1X53-D46 en EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; Versiones 14.1X53 anteriores a 14.1X53-D130 en QFabric System; versi\u00f3n 14.2 y versiones anteriores a 14.2R4-S9, 14.2R6; versi\u00f3n 15.1 y versiones anteriores a 15.1F5, 15.1R3; versi\u00f3n 15.1X49 anteriores a 15.1X49-D40 en la serie SRX; versi\u00f3n 15.1X53 anteriores a 15.1X53-D47 en NFX150, NFX250; versi\u00f3n 15.1X53 anteriores a 15.1X53-D65 en la serie QFX10000; versi\u00f3n 15.1X53 anteriores a 15.1X53-D233 en QFX5110, QFX5200."
    }
  ],
  "id": "CVE-2017-10602",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-17T13:18:18.657",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "http://www.securityfocus.com/bid/100323"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038900"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/100323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10803"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-10602 (GCVE-0-2017-10602)

CERTFR-2018-AVI-328

Solution

GSD-2017-10602

CNVD-2017-21782

GHSA-V8X4-RV99-R6C5

VAR-201707-0241

FKIE_CVE-2017-10602

Tags

Sightings

Nomenclature