ID

VAR-201707-0293


CVE

CVE-2017-2341


TITLE

Juniper Networks Junos OS Vulnerable to gaining access to the host operating environment

Trust: 0.8

sources: JVNDB: JVNDB-2017-005969

DESCRIPTION

An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D40 on QFX5110, QFX5200, QFX10002, QFX10008, QFX10016, EX4600 and NFX250; 15.1 prior to 15.1R5 on EX4600; 15.1X49 prior to 15.1X49-D70 on vSRX, SRX1500, SRX4100, SRX4200; 16.1 prior to 16.1R2 on EX4600, ACX5000 series. This issue does not affect vMX. No other Juniper Networks products or platforms are affected by this issue. Juniper QFX5110 series, etc. QFX5110 series is a series of Ethernet switches; Juniper vSRX series is a series of firewall emulator products; SRX1500 series is a series of firewall devices. Junos OS is one such operating system. A security vulnerability exists in Junos OS Release 14.1X53, Release 15.1, Release 15.1X49, and Release 16.1 in several Juniper products due to the program's inability to adequately perform authentication. The following products are affected: Juniper QFX5110 series, QFX5200 series, QFX10002 series, QFX10008 series, QFX10016 series, EX4600 series, NFX250 series, EX4600 series, vSRX series, SRX1500 series, SRX4100 series, SRX4000 series, ACX

Trust: 1.71

sources: NVD: CVE-2017-2341 // JVNDB: JVNDB-2017-005969 // VULHUB: VHN-110544

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:14.1x53-d26

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53-d27

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53-d10

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53-d30

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53-d25

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53-d35

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53-d15

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junos osscope:eqversion:15.1x49-d70

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d40

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r5

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r2

Trust: 0.8

sources: JVNDB: JVNDB-2017-005969 // CNNVD: CNNVD-201707-613 // NVD: CVE-2017-2341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2341
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-2341
value: HIGH

Trust: 1.0

NVD: CVE-2017-2341
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-613
value: HIGH

Trust: 0.6

VULHUB: VHN-110544
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2341
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110544
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2341
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-110544 // JVNDB: JVNDB-2017-005969 // CNNVD: CNNVD-201707-613 // NVD: CVE-2017-2341 // NVD: CVE-2017-2341

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-110544 // JVNDB: JVNDB-2017-005969 // NVD: CVE-2017-2341

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201707-613

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201707-613

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005969

PATCH

title:JSA10787url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787&actp=METADATA

Trust: 0.8

title:Multiple Juniper product Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71731

Trust: 0.6

sources: JVNDB: JVNDB-2017-005969 // CNNVD: CNNVD-201707-613

EXTERNAL IDS

db:NVDid:CVE-2017-2341

Trust: 2.5

db:JUNIPERid:JSA10787

Trust: 1.7

db:SECTRACKid:1038893

Trust: 1.7

db:JVNDBid:JVNDB-2017-005969

Trust: 0.8

db:CNNVDid:CNNVD-201707-613

Trust: 0.7

db:VULHUBid:VHN-110544

Trust: 0.1

sources: VULHUB: VHN-110544 // JVNDB: JVNDB-2017-005969 // CNNVD: CNNVD-201707-613 // NVD: CVE-2017-2341

REFERENCES

url:https://kb.juniper.net/jsa10787

Trust: 1.7

url:http://www.securitytracker.com/id/1038893

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2341

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2341

Trust: 0.8

sources: VULHUB: VHN-110544 // JVNDB: JVNDB-2017-005969 // CNNVD: CNNVD-201707-613 // NVD: CVE-2017-2341

SOURCES

db:VULHUBid:VHN-110544
db:JVNDBid:JVNDB-2017-005969
db:CNNVDid:CNNVD-201707-613
db:NVDid:CVE-2017-2341

LAST UPDATE DATE

2024-08-14T14:51:55.820000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-110544date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2017-005969date:2017-08-14T00:00:00
db:CNNVDid:CNNVD-201707-613date:2019-10-17T00:00:00
db:NVDid:CVE-2017-2341date:2019-10-09T23:26:44.587

SOURCES RELEASE DATE

db:VULHUBid:VHN-110544date:2017-07-17T00:00:00
db:JVNDBid:JVNDB-2017-005969date:2017-08-14T00:00:00
db:CNNVDid:CNNVD-201707-613date:2017-07-19T00:00:00
db:NVDid:CVE-2017-2341date:2017-07-17T13:18:24.237