Details of VAR-201707-0295

ID

VAR-201707-0295

CVE

CVE-2017-2343

TITLE

Juniper SRX Runs on series devices Junos OS Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2017-006080

DESCRIPTION

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output: root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive A result of "Status: Connected" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device: root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all Next review the results to see if valid users and groups are returned. e.g. Domain: juniperlab.com Total entries: 3 Source IP Username groups state 172.16.26.1 administrator Valid 192.168.26.2 engg01 engineers Valid 192.168.26.3 guest01 guests Valid Domain: NULL Total entries: 8 Source IP Username groups state 192.168.26.4 Invalid 192.168.26.5 Invalid This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue. Juniper SRX Runs on series devices Junos OS Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Junos OS is the operating system used in it. The operating system provides a secure programming interface and Junos SDK. A remote attacker could exploit this vulnerability to gain access to the target system and take control of the system

Trust: 1.8

sources: NVD: CVE-2017-2343 // JVNDB: JVNDB-2017-006080 // VULHUB: VHN-110546 // VULMON: CVE-2017-2343

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.3x48	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x49	Trust: 1.6
vendor:	juniper	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2017-006080 // CNNVD: CNNVD-201707-620 // NVD: CVE-2017-2343

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2343
value:	CRITICAL
Trust: 1.0
sirt@juniper.net:	CVE-2017-2343
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-2343
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201707-620
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-110546
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-2343
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2343
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-110546
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2343
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
sirt@juniper.net:	CVE-2017-2343
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-110546 // VULMON: CVE-2017-2343 // JVNDB: JVNDB-2017-006080 // CNNVD: CNNVD-201707-620 // NVD: CVE-2017-2343 // NVD: CVE-2017-2343

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-110546 // JVNDB: JVNDB-2017-006080 // NVD: CVE-2017-2343

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-620

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201707-620

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006080

PATCH

title:	JSA10791	url:	https://kb.juniper.net/JSA10791	Trust: 0.8
title:	Juniper SRX Series device Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71738	Trust: 0.6

sources: JVNDB: JVNDB-2017-006080 // CNNVD: CNNVD-201707-620

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2343	Trust: 2.6
db:	SECTRACK	id:	1038904	Trust: 1.8
db:	JUNIPER	id:	JSA10791	Trust: 1.8
db:	JVNDB	id:	JVNDB-2017-006080	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-620	Trust: 0.6
db:	VULHUB	id:	VHN-110546	Trust: 0.1
db:	VULMON	id:	CVE-2017-2343	Trust: 0.1

sources: VULHUB: VHN-110546 // VULMON: CVE-2017-2343 // JVNDB: JVNDB-2017-006080 // CNNVD: CNNVD-201707-620 // NVD: CVE-2017-2343

REFERENCES

url:	https://kb.juniper.net/jsa10791	Trust: 1.8
url:	http://www.securitytracker.com/id/1038904	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2343	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2343	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-110546 // VULMON: CVE-2017-2343 // JVNDB: JVNDB-2017-006080 // CNNVD: CNNVD-201707-620 // NVD: CVE-2017-2343

SOURCES

db:	VULHUB	id:	VHN-110546
db:	VULMON	id:	CVE-2017-2343
db:	JVNDB	id:	JVNDB-2017-006080
db:	CNNVD	id:	CNNVD-201707-620
db:	NVD	id:	CVE-2017-2343

LAST UPDATE DATE

2024-08-14T14:57:38.778000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110546	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2017-2343	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-006080	date:	2017-08-17T00:00:00
db:	CNNVD	id:	CNNVD-201707-620	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-2343	date:	2019-10-09T23:26:45.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110546	date:	2017-07-17T00:00:00
db:	VULMON	id:	CVE-2017-2343	date:	2017-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-006080	date:	2017-08-17T00:00:00
db:	CNNVD	id:	CNNVD-201707-620	date:	2017-07-19T00:00:00
db:	NVD	id:	CVE-2017-2343	date:	2017-07-17T13:18:24.297