Details of VAR-201705-3373

ID

VAR-201705-3373

CVE

CVE-2017-2309

TITLE

Juniper Networks Junos Space Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-004599

DESCRIPTION

On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk. Juniper Junos Space is prone to an information-disclosure vulnerability. Attackers can leverage this issue to gain access to sensitive information. Information obtained will aid in further attacks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle

Trust: 1.98

sources: NVD: CVE-2017-2309 // JVNDB: JVNDB-2017-004599 // BID: 98750 // VULHUB: VHN-110512

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	lte	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lt	version:	16.1r1	Trust: 0.8
vendor:	juniper	model:	junos space	scope:	eq	version:	16.1	Trust: 0.6
vendor:	juniper	model:	junos space	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	juniper	model:	junos space 15.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	15.2	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r2.11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1f3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1f2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1r1.9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1.r3.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r4.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	13.3	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1.6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1p1.14	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space r1.8	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r1.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3p2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.1	Trust: 0.3
vendor:	juniper	model:	junos space 11.4r5.5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.0	Trust: 0.3
vendor:	juniper	model:	junos space 16.1r1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 98750 // JVNDB: JVNDB-2017-004599 // CNNVD: CNNVD-201705-1350 // NVD: CVE-2017-2309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2309
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-2309
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201705-1350
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110512
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2309
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110512
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2309
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110512 // JVNDB: JVNDB-2017-004599 // CNNVD: CNNVD-201705-1350 // NVD: CVE-2017-2309

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-110512 // JVNDB: JVNDB-2017-004599 // NVD: CVE-2017-2309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1350

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-1350

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004599

PATCH

title:	JSA10770	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770&actp=METADATA	Trust: 0.8
title:	Juniper Networks Junos Space Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70624	Trust: 0.6

sources: JVNDB: JVNDB-2017-004599 // CNNVD: CNNVD-201705-1350

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2309	Trust: 2.8
db:	JUNIPER	id:	JSA10770	Trust: 2.0
db:	BID	id:	98750	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-004599	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-1350	Trust: 0.7
db:	NSFOCUS	id:	36767	Trust: 0.6
db:	VULHUB	id:	VHN-110512	Trust: 0.1

sources: VULHUB: VHN-110512 // BID: 98750 // JVNDB: JVNDB-2017-004599 // CNNVD: CNNVD-201705-1350 // NVD: CVE-2017-2309

REFERENCES

url:	https://kb.juniper.net/jsa10770	Trust: 1.7
url:	http://www.securityfocus.com/bid/98750	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2309	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2309	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36767	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10770&actp=rss	Trust: 0.3

sources: VULHUB: VHN-110512 // BID: 98750 // JVNDB: JVNDB-2017-004599 // CNNVD: CNNVD-201705-1350 // NVD: CVE-2017-2309

CREDITS

Juniper Networks

Trust: 0.3

sources: BID: 98750

SOURCES

db:	VULHUB	id:	VHN-110512
db:	BID	id:	98750
db:	JVNDB	id:	JVNDB-2017-004599
db:	CNNVD	id:	CNNVD-201705-1350
db:	NVD	id:	CVE-2017-2309

LAST UPDATE DATE

2024-11-23T19:57:23.217000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110512	date:	2017-06-09T00:00:00
db:	BID	id:	98750	date:	2017-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-004599	date:	2017-06-30T00:00:00
db:	CNNVD	id:	CNNVD-201705-1350	date:	2017-05-31T00:00:00
db:	NVD	id:	CVE-2017-2309	date:	2024-11-21T03:23:15.400

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110512	date:	2017-05-30T00:00:00
db:	BID	id:	98750	date:	2017-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-004599	date:	2017-06-30T00:00:00
db:	CNNVD	id:	CNNVD-201705-1350	date:	2017-05-31T00:00:00
db:	NVD	id:	CVE-2017-2309	date:	2017-05-30T14:29:01.050