ID

VAR-201707-0241


CVE

CVE-2017-10602


TITLE

Junos OS Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2017-005938

DESCRIPTION

A buffer overflow vulnerability in the Junos OS CLI may allow a local authenticated user with read-only privileges and access to the Junos CLI to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200. Juniper Junos is prone to a local buffer-overflow vulnerability. Failed exploits may result in denial-of-service conditions. Juniper Junos OS is a network operating system from Juniper Networks, dedicated to the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. The following releases are affected: Juniper Junos OS Release 14.1X53, Release 14.2, Release 15.1, Release 15.1X49, Release 15.1X53.

Trust: 1.98

sources: NVD: CVE-2017-10602 // JVNDB: JVNDB-2017-005938 // BID: 100323 // VULHUB: VHN-100941

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 15.1x53

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 14.1x53

Trust: 1.3

vendor: juniper, model: junos, scope: eq, version: 15.1x49-d30

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49-d10

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49-d20

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 14.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49-d35

Trust: 1.0

vendor: juniper, model: junos os, scope: lt, version: 15.1x53

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 15.1f5

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 15.1x53-d47

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 14.1x53

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 14.2

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 15.1

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 14.2r6

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 15.1f6

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 15.1x49-d40

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 15.1x53-d70

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 15.1x49

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 15.1r3

Trust: 0.8

vendor: juniper, model: junos 15.1x53-d40, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d35, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d30, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d20, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d30, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d20, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d15, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d10, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1f4, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1f2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1f1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.2r5, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.2r4, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.2r3, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.2r2, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.2r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d50, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d45, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d44, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d42, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d40, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d35, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d30, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d28, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d26, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d25, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d20, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d18, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d16, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d122, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d12, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 14.1x53-d10, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos 16.1r1, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d70, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x53-d47, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1x49-d40, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1r3, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1f6, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 15.1f5, scope: ne, version: -

Trust: 0.3

vendor: juniper, model: junos 14.2r6, scope: ne, version: -

Trust: 0.3

sources: BID: 100323 // JVNDB: JVNDB-2017-005938 // CNNVD: CNNVD-201707-617 // NVD: CVE-2017-10602

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10602
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-10602
value: HIGH

Trust: 1.0

NVD: CVE-2017-10602
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-617
value: HIGH

Trust: 0.6

VULHUB: VHN-100941
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-10602
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-100941
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10602
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2017-10602
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-100941 // JVNDB: JVNDB-2017-005938 // CNNVD: CNNVD-201707-617 // NVD: CVE-2017-10602 // NVD: CVE-2017-10602

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-100941 // JVNDB: JVNDB-2017-005938 // NVD: CVE-2017-10602

THREAT TYPE

local

Trust: 0.9

sources: BID: 100323 // CNNVD: CNNVD-201707-617

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201707-617

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005938

PATCH

title: JSA10803, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10803&actp=METADATA

Trust: 0.8

title: Juniper Junos OS Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71735

Trust: 0.6

sources: JVNDB: JVNDB-2017-005938 // CNNVD: CNNVD-201707-617

EXTERNAL IDS

db: NVD, id: CVE-2017-10602

Trust: 2.8

db: JUNIPER, id: JSA10803

Trust: 2.0

db: SECTRACK, id: 1038900

Trust: 1.7

db: BID, id: 100323

Trust: 1.4

db: JVNDB, id: JVNDB-2017-005938

Trust: 0.8

db: CNNVD, id: CNNVD-201707-617

Trust: 0.7

db: VULHUB, id: VHN-100941

Trust: 0.1

sources: VULHUB: VHN-100941 // BID: 100323 // JVNDB: JVNDB-2017-005938 // CNNVD: CNNVD-201707-617 // NVD: CVE-2017-10602

REFERENCES

url:http://www.securityfocus.com/bid/100323

Trust: 1.1

url:https://kb.juniper.net/jsa10803

Trust: 1.1

url:http://www.securitytracker.com/id/1038900

Trust: 1.1

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10803

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10602

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-10602

Trust: 0.8

url:http://securitytracker.com/id/1038900

Trust: 0.6

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.3

sources: VULHUB: VHN-100941 // BID: 100323 // JVNDB: JVNDB-2017-005938 // CNNVD: CNNVD-201707-617 // NVD: CVE-2017-10602

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 100323

SOURCES

db: VULHUB, id: VHN-100941
db: BID, id: 100323
db: JVNDB, id: JVNDB-2017-005938
db: CNNVD, id: CNNVD-201707-617
db: NVD, id: CVE-2017-10602

LAST UPDATE DATE

2024-08-14T14:13:21.687000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-100941, date: 2018-07-12T00:00:00
db: BID, id: 100323, date: 2017-08-15T00:00:00
db: JVNDB, id: JVNDB-2017-005938, date: 2017-08-09T00:00:00
db: CNNVD, id: CNNVD-201707-617, date: 2017-08-16T00:00:00
db: NVD, id: CVE-2017-10602, date: 2018-07-12T01:29:01.383

SOURCES RELEASE DATE

db: VULHUB, id: VHN-100941, date: 2017-07-17T00:00:00
db: BID, id: 100323, date: 2017-08-15T00:00:00
db: JVNDB, id: JVNDB-2017-005938, date: 2017-08-09T00:00:00
db: CNNVD, id: CNNVD-201707-617, date: 2017-07-17T00:00:00
db: NVD, id: CVE-2017-10602, date: 2017-07-17T13:18:18.657