CVE-2017-10603 (GCVE-0-2017-10603)

Vulnerability from cvelistv5 – Published: 2017-07-14 14:00 – Updated: 2024-09-16 19:36
VLAI?
Title
Junos OS: Local XML Injection through CLI command can lead to privilege escalation
Summary
An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue.
Severity ?
7 (High)
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • XML injection
Assigner
References
http://www.securitytracker.com/id/1038901 vdb-entryx_refsource_SECTRACK
https://kb.juniper.net/JSA10805 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 15.1X53 prior to 15.1X53-D47
Affected: 15.1 prior to 15.1R3
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038901",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038901"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10805"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "15.1X53 prior to 15.1X53-D47"
            },
            {
              "status": "affected",
              "version": "15.1 prior to 15.1R3"
            }
          ]
        }
      ],
      "datePublic": "2017-07-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XML injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-15T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "name": "1038901",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038901"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10805"
        }
      ],
      "title": "Junos OS: Local XML Injection through CLI command can lead to privilege escalation",
      "workarounds": [
        {
          "lang": "en",
          "value": "There is no direct workaround to completely eliminate the risk of this vulnerability.\n\nUse access lists or firewall filters to limit access to the router\u0027s CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2017-07-12T09:00",
          "ID": "CVE-2017-10603",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: Local XML Injection through CLI command can lead to privilege escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_value": "15.1X53 prior to 15.1X53-D47"
                          },
                          {
                            "platform": "",
                            "version_value": "15.1 prior to 15.1R3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue."
            }
          ]
        },
        "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XML injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038901",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038901"
            },
            {
              "name": "https://kb.juniper.net/JSA10805",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10805"
            }
          ]
        },
        "solution": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D47, 15.1R3, and all subsequent releases.\nThis issue is being tracked as PR 1091037 and is visible on the Customer Support website.",
        "work_around": [
          {
            "lang": "en",
            "value": "There is no direct workaround to completely eliminate the risk of this vulnerability.\n\nUse access lists or firewall filters to limit access to the router\u0027s CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-10603",
    "datePublished": "2017-07-14T14:00:00Z",
    "dateReserved": "2017-06-28T00:00:00",
    "dateUpdated": "2024-09-16T19:36:28.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-10603\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2017-07-17T13:18:18.687\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n XML en la CLI de Junos OS puede permitir que un usuario autenticado localmente eleve privilegios y ejecute comandos arbitrarios como el usuario root. Este problema se detect\u00f3 durante las pruebas internas de seguridad del producto. Las versiones afectadas son Juniper Networks Junos OS versi\u00f3n 15.1X53 anterior a 15.1X53-D47, versi\u00f3n 15.1 anterior a 15.1R3. Las versiones de Junos anteriores a 15.1 no se ven afectadas. Ning\u00fan otro producto o plataforma de Juniper Networks se ve afectado por este problema.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-91\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B71FB14A-67D4-4EDD-BB32-07764F5AFA6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E87C765-8D68-404A-AC71-3F22A7260E8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E3B807C-196D-42B8-9042-7582A1366772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*\",\"matchCriteriaId\":\"83FEEE8F-9279-46F2-BAF9-A60537020C61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F294E43-73FA-4EF3-90F2-EE29C56D6573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDDE1048-BFEA-4A3E-8270-27C538A68837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC517CD0-FF35-498F-AD33-683B43CA3829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*\",\"matchCriteriaId\":\"53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d40:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B5ED13-F998-447C-8FEA-047FE9FE2F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d45:*:*:*:*:*:*\",\"matchCriteriaId\":\"65F3CD2A-D5E1-4EFF-9013-6D81B396F765\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD0952C4-FFCC-4A78-ADFC-289BD6E269DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:a1:*:*:*:*:*:*\",\"matchCriteriaId\":\"83AB8877-3DC0-4B8C-B864-1BF18C368337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C56F5C48-BA48-4EE1-88BE-782B3CFB3B90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C56E6C3-BBB6-4853-91D9-99C7676D0CD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC196685-3B0C-4754-AE6A-6BE456CC6B52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0146AA9-C513-4871-A62A-52C9F40EB958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A18672EF-E33D-4ACE-BB0A-561812F502C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF0E75F-831E-40B8-926D-B2E92A84E31B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E0ECBD8-3D66-49DA-A557-5695159F0C06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EAA2998-A0D6-4818-9E7C-25E8099403E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*\",\"matchCriteriaId\":\"71D211B9-B2FE-4324-AAEE-8825D5238E48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:f7:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD332D86-5DA7-49A4-98C3-E4D946832DC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E6CD065-EC06-4846-BD2A-D3CA7866070F\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1038901\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.juniper.net/JSA10805\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1038901\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.juniper.net/JSA10805\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.