Details of VAR-201705-3372

ID

VAR-201705-3372

CVE

CVE-2017-2308

TITLE

Juniper Networks Junos Space In XML External entity injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004485

DESCRIPTION

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. Juniper Junos Space is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Versions prior to Juniper Junos Space 16.1R1 are vulnerable. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. Attackers can exploit this vulnerability to read arbitrary files on the device

Trust: 1.98

sources: NVD: CVE-2017-2308 // JVNDB: JVNDB-2017-004485 // BID: 98755 // VULHUB: VHN-110511

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	lte	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lt	version:	16.1r1	Trust: 0.8
vendor:	juniper	model:	junos space	scope:	eq	version:	16.1	Trust: 0.6
vendor:	juniper	model:	junos space	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	juniper	model:	junos space 15.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	15.2	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r2.11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1f3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1f2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1r1.9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1.r3.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r4.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	13.3	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1.6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1p1.14	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space r1.8	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r1.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3p2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.1	Trust: 0.3
vendor:	juniper	model:	junos space 11.4r5.5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.0	Trust: 0.3
vendor:	juniper	model:	junos space 16.1r1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 98755 // JVNDB: JVNDB-2017-004485 // CNNVD: CNNVD-201705-1351 // NVD: CVE-2017-2308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2308
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-2308
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201705-1351
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110511
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2308
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110511
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2308
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110511 // JVNDB: JVNDB-2017-004485 // CNNVD: CNNVD-201705-1351 // NVD: CVE-2017-2308

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.9

sources: VULHUB: VHN-110511 // JVNDB: JVNDB-2017-004485 // NVD: CVE-2017-2308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1351

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201705-1351

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004485

PATCH

title:	JSA10770	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770&actp=METADATA	Trust: 0.8
title:	Juniper Networks Junos Space Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70625	Trust: 0.6

sources: JVNDB: JVNDB-2017-004485 // CNNVD: CNNVD-201705-1351

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2308	Trust: 2.8
db:	JUNIPER	id:	JSA10770	Trust: 2.0
db:	BID	id:	98755	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-004485	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-1351	Trust: 0.7
db:	NSFOCUS	id:	36768	Trust: 0.6
db:	VULHUB	id:	VHN-110511	Trust: 0.1

sources: VULHUB: VHN-110511 // BID: 98755 // JVNDB: JVNDB-2017-004485 // CNNVD: CNNVD-201705-1351 // NVD: CVE-2017-2308

REFERENCES

url:	https://kb.juniper.net/jsa10770	Trust: 1.7
url:	http://www.securityfocus.com/bid/98755	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2308	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2308	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36768	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10770&actp=rss	Trust: 0.3

sources: VULHUB: VHN-110511 // BID: 98755 // JVNDB: JVNDB-2017-004485 // CNNVD: CNNVD-201705-1351 // NVD: CVE-2017-2308

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 98755

SOURCES

db:	VULHUB	id:	VHN-110511
db:	BID	id:	98755
db:	JVNDB	id:	JVNDB-2017-004485
db:	CNNVD	id:	CNNVD-201705-1351
db:	NVD	id:	CVE-2017-2308

LAST UPDATE DATE

2024-11-23T21:08:27.489000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110511	date:	2017-06-08T00:00:00
db:	BID	id:	98755	date:	2017-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-004485	date:	2017-06-27T00:00:00
db:	CNNVD	id:	CNNVD-201705-1351	date:	2017-05-31T00:00:00
db:	NVD	id:	CVE-2017-2308	date:	2024-11-21T03:23:15.290

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110511	date:	2017-05-30T00:00:00
db:	BID	id:	98755	date:	2017-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-004485	date:	2017-06-27T00:00:00
db:	CNNVD	id:	CNNVD-201705-1351	date:	2017-05-31T00:00:00
db:	NVD	id:	CVE-2017-2308	date:	2017-05-30T14:29:01.003