Details of VAR-201707-0293

ID

VAR-201707-0293

CVE

CVE-2017-2341

TITLE

Juniper Networks Junos OS Vulnerable to gaining access to the host operating environment

Trust: 0.8

sources: JVNDB: JVNDB-2017-005969

DESCRIPTION

An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D40 on QFX5110, QFX5200, QFX10002, QFX10008, QFX10016, EX4600 and NFX250; 15.1 prior to 15.1R5 on EX4600; 15.1X49 prior to 15.1X49-D70 on vSRX, SRX1500, SRX4100, SRX4200; 16.1 prior to 16.1R2 on EX4600, ACX5000 series. This issue does not affect vMX. No other Juniper Networks products or platforms are affected by this issue. Juniper QFX5110 series, etc. QFX5110 series is a series of Ethernet switches; Juniper vSRX series is a series of firewall emulator products; SRX1500 series is a series of firewall devices. Junos OS is one such operating system. A security vulnerability exists in Junos OS Release 14.1X53, Release 15.1, Release 15.1X49, and Release 16.1 in several Juniper products due to the program's inability to adequately perform authentication. The following products are affected: Juniper QFX5110 series, QFX5200 series, QFX10002 series, QFX10008 series, QFX10016 series, EX4600 series, NFX250 series, EX4600 series, vSRX series, SRX1500 series, SRX4100 series, SRX4000 series, ACX

Trust: 1.71

sources: NVD: CVE-2017-2341 // JVNDB: JVNDB-2017-005969 // VULHUB: VHN-110544

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53-d26	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53-d27	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53-d10	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53-d30	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53-d25	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53-d35	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53-d15	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x49	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1x49-d70	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	16.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	15.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x53-d40	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1x53	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1r5	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	15.1x49	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	16.1r2	Trust: 0.8

sources: JVNDB: JVNDB-2017-005969 // CNNVD: CNNVD-201707-613 // NVD: CVE-2017-2341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2341
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2017-2341
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2341
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201707-613
value:	HIGH
Trust: 0.6
VULHUB:	VHN-110544
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2341
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110544
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2341
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-110544 // JVNDB: JVNDB-2017-005969 // CNNVD: CNNVD-201707-613 // NVD: CVE-2017-2341 // NVD: CVE-2017-2341

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-110544 // JVNDB: JVNDB-2017-005969 // NVD: CVE-2017-2341

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201707-613

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201707-613

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005969

PATCH

title:	JSA10787	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787&actp=METADATA	Trust: 0.8
title:	Multiple Juniper product Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71731	Trust: 0.6

sources: JVNDB: JVNDB-2017-005969 // CNNVD: CNNVD-201707-613

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2341	Trust: 2.5
db:	JUNIPER	id:	JSA10787	Trust: 1.7
db:	SECTRACK	id:	1038893	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-005969	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-613	Trust: 0.7
db:	VULHUB	id:	VHN-110544	Trust: 0.1

sources: VULHUB: VHN-110544 // JVNDB: JVNDB-2017-005969 // CNNVD: CNNVD-201707-613 // NVD: CVE-2017-2341

REFERENCES

url:	https://kb.juniper.net/jsa10787	Trust: 1.7
url:	http://www.securitytracker.com/id/1038893	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2341	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2341	Trust: 0.8

sources: VULHUB: VHN-110544 // JVNDB: JVNDB-2017-005969 // CNNVD: CNNVD-201707-613 // NVD: CVE-2017-2341

SOURCES

db:	VULHUB	id:	VHN-110544
db:	JVNDB	id:	JVNDB-2017-005969
db:	CNNVD	id:	CNNVD-201707-613
db:	NVD	id:	CVE-2017-2341

LAST UPDATE DATE

2024-08-14T14:51:55.820000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110544	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-005969	date:	2017-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201707-613	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-2341	date:	2019-10-09T23:26:44.587

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110544	date:	2017-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-005969	date:	2017-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201707-613	date:	2017-07-19T00:00:00
db:	NVD	id:	CVE-2017-2341	date:	2017-07-17T13:18:24.237