ID

VAR-201707-0243


CVE

CVE-2017-10604


TITLE

Junos OS Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-006935

DESCRIPTION

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode and a cluster sync or failover operation occurs, there will be errors associated with the sync or failover while the root account is locked out. Administrators can confirm whether the root account is locked out via the following command:

    root@device> show system login lockout user root
    User      Lockout start              Lockout end
    root      1995-01-01 01:00:01 PDT    1995-11-01 01:31:01 PDT

Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D65 on SRX series; 12.3X48 prior to 12.3X48-D45 on SRX series; 15.1X49 prior to 15.1X49-D75 on SRX series.

Junos OS contains vulnerabilities related to security features. A service interruption (DoS) condition may result. Juniper SRX Series devices are gateway devices from Juniper Networks. Junos OS is the operating system they run. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in cluster mode in Junos OS Release 12.1X46, Release 12.3X48, and Release 15.1X49 on Juniper SRX Series devices. A remote attacker could exploit this vulnerability to cause a denial of service.

Trust: 1.71

sources: NVD: CVE-2017-10604 // JVNDB: JVNDB-2017-006935 // VULHUB: VHN-100943

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 12.1x46

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3x48

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-006935 // CNNVD: CNNVD-201707-608 // NVD: CVE-2017-10604

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10604
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2017-10604
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-10604
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201707-608
value: MEDIUM

Trust: 0.6

VULHUB: VHN-100943
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10604
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-100943
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10604
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2017-10604
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-100943 // JVNDB: JVNDB-2017-006935 // CNNVD: CNNVD-201707-608 // NVD: CVE-2017-10604 // NVD: CVE-2017-10604

PROBLEMTYPE DATA

problemtype: CWE-307

Trust: 1.1

problemtype: CWE-254

Trust: 0.9

sources: VULHUB: VHN-100943 // JVNDB: JVNDB-2017-006935 // NVD: CVE-2017-10604

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-608

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201707-608

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006935

PATCH

title: JSA10806, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10806&actp=METADATA

Trust: 0.8

title: Juniper SRX Series device Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71728

Trust: 0.6

sources: JVNDB: JVNDB-2017-006935 // CNNVD: CNNVD-201707-608

EXTERNAL IDS

db: NVD, id: CVE-2017-10604

Trust: 2.5

db: SECTRACK, id: 1038886

Trust: 1.7

db: JUNIPER, id: JSA10806

Trust: 1.7

db: JVNDB, id: JVNDB-2017-006935

Trust: 0.8

db: CNNVD, id: CNNVD-201707-608

Trust: 0.7

db: VULHUB, id: VHN-100943

Trust: 0.1

sources: VULHUB: VHN-100943 // JVNDB: JVNDB-2017-006935 // CNNVD: CNNVD-201707-608 // NVD: CVE-2017-10604

REFERENCES

url: https://kb.juniper.net/jsa10806

Trust: 1.7

url: http://www.securitytracker.com/id/1038886

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10604

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-10604

Trust: 0.8

sources: VULHUB: VHN-100943 // JVNDB: JVNDB-2017-006935 // CNNVD: CNNVD-201707-608 // NVD: CVE-2017-10604

SOURCES

db: VULHUB, id: VHN-100943
db: JVNDB, id: JVNDB-2017-006935
db: CNNVD, id: CNNVD-201707-608
db: NVD, id: CVE-2017-10604

LAST UPDATE DATE

2024-11-23T23:12:25.809000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-100943, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2017-006935, date: 2017-09-07T00:00:00
db: CNNVD, id: CNNVD-201707-608, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-10604, date: 2024-11-21T03:06:11.600

SOURCES RELEASE DATE

db: VULHUB, id: VHN-100943, date: 2017-07-17T00:00:00
db: JVNDB, id: JVNDB-2017-006935, date: 2017-09-07T00:00:00
db: CNNVD, id: CNNVD-201707-608, date: 2017-07-19T00:00:00
db: NVD, id: CVE-2017-10604, date: 2017-07-17T13:18:18.720