Details of VAR-201705-3370

ID

VAR-201705-3370

CVE

CVE-2017-2306

TITLE

Juniper Networks Junos Space Vulnerable to code execution on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-004483

DESCRIPTION

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device. Juniper Junos Space is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to Juniper Junos Space 16.1R1 are vulnerable. Juniper Networks Junos Space is a set of network management solutions of Juniper Networks (Juniper Networks). The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle

Trust: 1.98

sources: NVD: CVE-2017-2306 // JVNDB: JVNDB-2017-004483 // BID: 98772 // VULHUB: VHN-110509

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	lte	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lt	version:	16.1r1	Trust: 0.8
vendor:	juniper	model:	junos space	scope:	eq	version:	16.1	Trust: 0.6
vendor:	juniper	model:	junos space	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	juniper	model:	junos space 15.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	15.2	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r2.11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1f3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1f2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1r1.9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1.r3.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r4.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	13.3	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1.6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1p1.14	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space r1.8	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r1.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3p2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.1	Trust: 0.3
vendor:	juniper	model:	junos space 11.4r5.5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.0	Trust: 0.3
vendor:	juniper	model:	junos space 16.1r1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 98772 // JVNDB: JVNDB-2017-004483 // CNNVD: CNNVD-201705-1353 // NVD: CVE-2017-2306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2306
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2306
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201705-1353
value:	HIGH
Trust: 0.6
VULHUB:	VHN-110509
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2306
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110509
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2306
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110509 // JVNDB: JVNDB-2017-004483 // CNNVD: CNNVD-201705-1353 // NVD: CVE-2017-2306

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	CWE-285	Trust: 0.9

sources: VULHUB: VHN-110509 // JVNDB: JVNDB-2017-004483 // NVD: CVE-2017-2306

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1353

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201705-1353

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004483

PATCH

title:	JSA10770	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770&actp=METADATA	Trust: 0.8
title:	Juniper Networks Junos Space Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70627	Trust: 0.6

sources: JVNDB: JVNDB-2017-004483 // CNNVD: CNNVD-201705-1353

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2306	Trust: 2.8
db:	JUNIPER	id:	JSA10770	Trust: 2.0
db:	BID	id:	98772	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-004483	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-1353	Trust: 0.7
db:	VULHUB	id:	VHN-110509	Trust: 0.1

sources: VULHUB: VHN-110509 // BID: 98772 // JVNDB: JVNDB-2017-004483 // CNNVD: CNNVD-201705-1353 // NVD: CVE-2017-2306

REFERENCES

url:	http://www.securityfocus.com/bid/98772	Trust: 1.7
url:	https://kb.juniper.net/jsa10770	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2306	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2306	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10770&actp=rss	Trust: 0.3

sources: VULHUB: VHN-110509 // BID: 98772 // JVNDB: JVNDB-2017-004483 // CNNVD: CNNVD-201705-1353 // NVD: CVE-2017-2306

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 98772

SOURCES

db:	VULHUB	id:	VHN-110509
db:	BID	id:	98772
db:	JVNDB	id:	JVNDB-2017-004483
db:	CNNVD	id:	CNNVD-201705-1353
db:	NVD	id:	CVE-2017-2306

LAST UPDATE DATE

2024-11-23T21:11:45.420000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110509	date:	2019-10-03T00:00:00
db:	BID	id:	98772	date:	2017-05-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-004483	date:	2017-06-27T00:00:00
db:	CNNVD	id:	CNNVD-201705-1353	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2306	date:	2024-11-21T03:23:15.067

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110509	date:	2017-05-30T00:00:00
db:	BID	id:	98772	date:	2017-05-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-004483	date:	2017-06-27T00:00:00
db:	CNNVD	id:	CNNVD-201705-1353	date:	2017-05-31T00:00:00
db:	NVD	id:	CVE-2017-2306	date:	2017-05-30T14:29:00.927