Details of VAR-201705-3374

ID

VAR-201705-3374

CVE

CVE-2017-2310

TITLE

Juniper Networks Junos Space Host-based firewall access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004600

DESCRIPTION

A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk. Juniper Networks Junos Space Host-based firewalls contain access control vulnerabilities.Information may be tampered with. Juniper Junos Space is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and perform unauthorized actions. Versions prior to Juniper Junos Space 16.1R1 are vulnerable. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. An attacker could exploit this vulnerability with a specially crafted packet to bypass the firewall

Trust: 1.98

sources: NVD: CVE-2017-2310 // JVNDB: JVNDB-2017-004600 // BID: 98751 // VULHUB: VHN-110513

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	lte	version:	15.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	15.2	Trust: 0.9
vendor:	juniper	model:	junos space	scope:	lt	version:	16.1r1	Trust: 0.8
vendor:	juniper	model:	junos space	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	juniper	model:	junos space 15.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r2.11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1f3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 15.1f2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1r1.9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 14.1.r3.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r4.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.3r1.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	13.3	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1.6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 13.1p1.14	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space r1.8	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3r1.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space 12.3p2.8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	12.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.2	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.4	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	1.0	Trust: 0.3
vendor:	juniper	model:	junos space 16.1r1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 98751 // JVNDB: JVNDB-2017-004600 // CNNVD: CNNVD-201705-1349 // NVD: CVE-2017-2310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2310
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-2310
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201705-1349
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110513
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2310
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110513
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2310
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110513 // JVNDB: JVNDB-2017-004600 // CNNVD: CNNVD-201705-1349 // NVD: CVE-2017-2310

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-110513 // JVNDB: JVNDB-2017-004600 // NVD: CVE-2017-2310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1349

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201705-1349

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004600

PATCH

title:	JSA10770	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770&actp=METADATA	Trust: 0.8
title:	Juniper Networks Junos Space Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70623	Trust: 0.6

sources: JVNDB: JVNDB-2017-004600 // CNNVD: CNNVD-201705-1349

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2310	Trust: 2.8
db:	JUNIPER	id:	JSA10770	Trust: 2.0
db:	BID	id:	98751	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-004600	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-1349	Trust: 0.7
db:	VULHUB	id:	VHN-110513	Trust: 0.1

sources: VULHUB: VHN-110513 // BID: 98751 // JVNDB: JVNDB-2017-004600 // CNNVD: CNNVD-201705-1349 // NVD: CVE-2017-2310

REFERENCES

url:	http://www.securityfocus.com/bid/98751	Trust: 1.7
url:	https://kb.juniper.net/jsa10770	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2310	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2310	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10770&actp=rss	Trust: 0.3

sources: VULHUB: VHN-110513 // BID: 98751 // JVNDB: JVNDB-2017-004600 // CNNVD: CNNVD-201705-1349 // NVD: CVE-2017-2310

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 98751

SOURCES

db:	VULHUB	id:	VHN-110513
db:	BID	id:	98751
db:	JVNDB	id:	JVNDB-2017-004600
db:	CNNVD	id:	CNNVD-201705-1349
db:	NVD	id:	CVE-2017-2310

LAST UPDATE DATE

2024-11-23T21:28:56.279000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110513	date:	2019-10-03T00:00:00
db:	BID	id:	98751	date:	2017-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-004600	date:	2017-06-30T00:00:00
db:	CNNVD	id:	CNNVD-201705-1349	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2310	date:	2024-11-21T03:23:15.517

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110513	date:	2017-05-30T00:00:00
db:	BID	id:	98751	date:	2017-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-004600	date:	2017-06-30T00:00:00
db:	CNNVD	id:	CNNVD-201705-1349	date:	2017-05-30T00:00:00
db:	NVD	id:	CVE-2017-2310	date:	2017-05-30T14:29:01.113