ID

VAR-201707-0242


CVE

CVE-2017-10603


TITLE

XML injection vulnerability in Junos OS CLI

Trust: 0.8

sources: JVNDB: JVNDB-2017-005978

DESCRIPTION

An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue. Juniper Junos is prone to a local privilege-escalation vulnerability. Local attackers could exploit this issue to run arbitrary commands with root privileges. The operating system provides a secure programming interface and Junos SDK

Trust: 1.98

sources: NVD: CVE-2017-10603 // JVNDB: JVNDB-2017-005978 // BID: 100062 // VULHUB: VHN-100942

AFFECTED PRODUCTS

vendor: juniper | model: junos | scope: eq | version: 15.1

Trust: 1.6

vendor: juniper | model: junos | scope: eq | version: 15.1x53

Trust: 1.6

vendor: juniper | model: junos os | scope: eq | version: 15.1x53-d47

Trust: 0.8

vendor: juniper | model: junos os | scope: lt | version: 15.1x53

Trust: 0.8

vendor: juniper | model: junos os | scope: eq | version: 15.1r3

Trust: 0.8

vendor: juniper | model: junos os | scope: lt | version: 15.1

Trust: 0.8

vendor: juniper | model: junos 15.1x53-d40 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x53-d35 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x53-d30 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x53-d20 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1r2 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1r1 | scope: - | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1x53-d47 | scope: ne | version: -

Trust: 0.3

vendor: juniper | model: junos 15.1r3 | scope: ne | version: -

Trust: 0.3

sources: BID: 100062 // JVNDB: JVNDB-2017-005978 // CNNVD: CNNVD-201707-618 // NVD: CVE-2017-10603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10603
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-10603
value: HIGH

Trust: 1.0

NVD: CVE-2017-10603
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-618
value: HIGH

Trust: 0.6

VULHUB: VHN-100942
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-10603
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-100942
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10603
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2017-10603
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-100942 // JVNDB: JVNDB-2017-005978 // CNNVD: CNNVD-201707-618 // NVD: CVE-2017-10603 // NVD: CVE-2017-10603

PROBLEMTYPE DATA

problemtype:CWE-91

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-100942 // JVNDB: JVNDB-2017-005978 // NVD: CVE-2017-10603

THREAT TYPE

local

Trust: 0.9

sources: BID: 100062 // CNNVD: CNNVD-201707-618

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201707-618

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005978

PATCH

title: JSA10805 | url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10805&actp=METADATA

Trust: 0.8

title: Juniper Junos OS Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71736

Trust: 0.6

sources: JVNDB: JVNDB-2017-005978 // CNNVD: CNNVD-201707-618

EXTERNAL IDS

db: NVD | id: CVE-2017-10603

Trust: 2.8

db: JUNIPER | id: JSA10805

Trust: 2.0

db: SECTRACK | id: 1038901

Trust: 1.7

db: JVNDB | id: JVNDB-2017-005978

Trust: 0.8

db: CNNVD | id: CNNVD-201707-618

Trust: 0.7

db: BID | id: 100062

Trust: 0.4

db: VULHUB | id: VHN-100942

Trust: 0.1

sources: VULHUB: VHN-100942 // BID: 100062 // JVNDB: JVNDB-2017-005978 // CNNVD: CNNVD-201707-618 // NVD: CVE-2017-10603

REFERENCES

url:https://kb.juniper.net/jsa10805

Trust: 1.7

url:http://www.securitytracker.com/id/1038901

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10603

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-10603

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10805

Trust: 0.3

sources: VULHUB: VHN-100942 // BID: 100062 // JVNDB: JVNDB-2017-005978 // CNNVD: CNNVD-201707-618 // NVD: CVE-2017-10603

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 100062

SOURCES

db: VULHUB | id: VHN-100942
db: BID | id: 100062
db: JVNDB | id: JVNDB-2017-005978
db: CNNVD | id: CNNVD-201707-618
db: NVD | id: CVE-2017-10603

LAST UPDATE DATE

2024-08-14T14:46:08.280000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-100942 | date: 2019-10-09T00:00:00
db: BID | id: 100062 | date: 2017-07-12T00:00:00
db: JVNDB | id: JVNDB-2017-005978 | date: 2017-08-14T00:00:00
db: CNNVD | id: CNNVD-201707-618 | date: 2019-10-17T00:00:00
db: NVD | id: CVE-2017-10603 | date: 2019-10-09T23:21:38.510

SOURCES RELEASE DATE

db: VULHUB | id: VHN-100942 | date: 2017-07-17T00:00:00
db: BID | id: 100062 | date: 2017-07-12T00:00:00
db: JVNDB | id: JVNDB-2017-005978 | date: 2017-08-14T00:00:00
db: CNNVD | id: CNNVD-201707-618 | date: 2017-07-17T00:00:00
db: NVD | id: CVE-2017-10603 | date: 2017-07-17T13:18:18.687