Details of VAR-201707-0246

ID

VAR-201707-0246

CVE

CVE-2017-10601

TITLE

Juniper Networks Junos OS Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-005975

DESCRIPTION

A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2. Juniper Networks Junos OS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos OS due to insufficient authentication of logged-in users. A remote attacker could exploit this vulnerability to bypass authentication and gain privileges on the target system

Trust: 1.8

sources: NVD: CVE-2017-10601 // JVNDB: JVNDB-2017-005975 // VULHUB: VHN-100940 // VULMON: CVE-2017-10601

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	13.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	13.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3x48	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	eq	version:	13.3r7	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3x48	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.2r4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1f3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3r10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.2r8	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1r4-s12	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1r5	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1x53	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1r2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x53-d30	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1r6	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3x48-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1f2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	15.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3r11	Trust: 0.8

sources: JVNDB: JVNDB-2017-005975 // CNNVD: CNNVD-201707-619 // NVD: CVE-2017-10601

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-10601
value:	CRITICAL
Trust: 1.0
sirt@juniper.net:	CVE-2017-10601
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-10601
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201707-619
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-100940
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-10601
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-10601
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-100940
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-10601
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-100940 // VULMON: CVE-2017-10601 // JVNDB: JVNDB-2017-005975 // CNNVD: CNNVD-201707-619 // NVD: CVE-2017-10601 // NVD: CVE-2017-10601

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-100940 // JVNDB: JVNDB-2017-005975 // NVD: CVE-2017-10601

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-619

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201707-619

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005975

PATCH

title:	JSA10802	url:	https://kb.juniper.net/JSA10802	Trust: 0.8
title:	Juniper Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71737	Trust: 0.6

sources: JVNDB: JVNDB-2017-005975 // CNNVD: CNNVD-201707-619

EXTERNAL IDS

db:	NVD	id:	CVE-2017-10601	Trust: 2.6
db:	JUNIPER	id:	JSA10802	Trust: 1.8
db:	SECTRACK	id:	1038902	Trust: 1.8
db:	JVNDB	id:	JVNDB-2017-005975	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-619	Trust: 0.6
db:	VULHUB	id:	VHN-100940	Trust: 0.1
db:	VULMON	id:	CVE-2017-10601	Trust: 0.1

sources: VULHUB: VHN-100940 // VULMON: CVE-2017-10601 // JVNDB: JVNDB-2017-005975 // CNNVD: CNNVD-201707-619 // NVD: CVE-2017-10601

REFERENCES

url:	https://kb.juniper.net/jsa10802	Trust: 1.8
url:	http://www.securitytracker.com/id/1038902	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10601	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10601	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-100940 // VULMON: CVE-2017-10601 // JVNDB: JVNDB-2017-005975 // CNNVD: CNNVD-201707-619 // NVD: CVE-2017-10601

SOURCES

db:	VULHUB	id:	VHN-100940
db:	VULMON	id:	CVE-2017-10601
db:	JVNDB	id:	JVNDB-2017-005975
db:	CNNVD	id:	CNNVD-201707-619
db:	NVD	id:	CVE-2017-10601

LAST UPDATE DATE

2024-08-14T15:23:46.422000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-100940	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2017-10601	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-005975	date:	2017-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201707-619	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-10601	date:	2019-10-09T23:21:38.167

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-100940	date:	2017-07-17T00:00:00
db:	VULMON	id:	CVE-2017-10601	date:	2017-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-005975	date:	2017-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201707-619	date:	2017-07-19T00:00:00
db:	NVD	id:	CVE-2017-10601	date:	2017-07-17T13:18:18.627