ID

VAR-201710-0195


CVE

CVE-2017-10622


TITLE

Juniper Networks Junos Space vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-009398

DESCRIPTION

An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote, unauthenticated, network-based attacker to log in as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher. Juniper Networks Junos Space contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Juniper Junos Space is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. The platform enables automated configuration, monitoring and troubleshooting of devices and services throughout their lifecycle. A remote attacker could exploit this vulnerability to log in as a user with arbitrary privileges.

Trust: 2.07

sources: NVD: CVE-2017-10622 // JVNDB: JVNDB-2017-009398 // BID: 101258 // VULHUB: VHN-100963 // VULMON: CVE-2017-10622

AFFECTED PRODUCTS

vendor: juniper, model: junos space, scope: eq, version: 17.1

Trust: 1.6

vendor: juniper, model: junos space, scope: eq, version: 16.1

Trust: 1.6

vendor: juniper, model: junos space, scope: lt, version: 16.1

Trust: 0.8

vendor: juniper, model: junos space, scope: eq, version: 16.1r3

Trust: 0.8

vendor: juniper, model: junos space, scope: eq, version: 17.1r1

Trust: 0.8

vendor: juniper, model: junos space 17.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos space 16.1r1, scope: -, version: -

Trust: 0.3

vendor: juniper, model: junos space 17.1r1 patch, scope: ne, version: v1

Trust: 0.3

vendor: juniper, model: junos space 16.1r3, scope: ne, version: -

Trust: 0.3

sources: BID: 101258 // JVNDB: JVNDB-2017-009398 // CNNVD: CNNVD-201710-505 // NVD: CVE-2017-10622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10622
value: CRITICAL

Trust: 1.0

sirt@juniper.net: CVE-2017-10622
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-10622
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201710-505
value: CRITICAL

Trust: 0.6

VULHUB: VHN-100963
value: HIGH

Trust: 0.1

VULMON: CVE-2017-10622
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-10622
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-100963
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10622
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-100963 // VULMON: CVE-2017-10622 // JVNDB: JVNDB-2017-009398 // CNNVD: CNNVD-201710-505 // NVD: CVE-2017-10622 // NVD: CVE-2017-10622

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-100963 // JVNDB: JVNDB-2017-009398 // NVD: CVE-2017-10622

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-505

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201710-505

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009398

PATCH

title: JSA10824, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10824&actp=METADATA

Trust: 0.8

title: Juniper Junos Space Network Management Platform Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75541

Trust: 0.6

sources: JVNDB: JVNDB-2017-009398 // CNNVD: CNNVD-201710-505

EXTERNAL IDS

db: NVD, id: CVE-2017-10622

Trust: 2.9

db: BID, id: 101258

Trust: 2.1

db: JUNIPER, id: JSA10824

Trust: 2.1

db: JVNDB, id: JVNDB-2017-009398

Trust: 0.8

db: CNNVD, id: CNNVD-201710-505

Trust: 0.7

db: VULHUB, id: VHN-100963

Trust: 0.1

db: VULMON, id: CVE-2017-10622

Trust: 0.1

sources: VULHUB: VHN-100963 // VULMON: CVE-2017-10622 // BID: 101258 // JVNDB: JVNDB-2017-009398 // CNNVD: CNNVD-201710-505 // NVD: CVE-2017-10622

REFERENCES

url:http://www.securityfocus.com/bid/101258

Trust: 1.9

url:https://kb.juniper.net/jsa10824

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10622

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-10622

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10824&cat=sirt_advisory&actp=list

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-100963 // VULMON: CVE-2017-10622 // BID: 101258 // JVNDB: JVNDB-2017-009398 // CNNVD: CNNVD-201710-505 // NVD: CVE-2017-10622

CREDITS

Ilias Polychroniadis of NeuroSoft S.A.

Trust: 0.3

sources: BID: 101258

SOURCES

db: VULHUB, id: VHN-100963
db: VULMON, id: CVE-2017-10622
db: BID, id: 101258
db: JVNDB, id: JVNDB-2017-009398
db: CNNVD, id: CNNVD-201710-505
db: NVD, id: CVE-2017-10622

LAST UPDATE DATE

2024-11-23T22:45:35.371000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-100963, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2017-10622, date: 2019-10-09T00:00:00
db: BID, id: 101258, date: 2017-10-11T00:00:00
db: JVNDB, id: JVNDB-2017-009398, date: 2017-11-10T00:00:00
db: CNNVD, id: CNNVD-201710-505, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-10622, date: 2024-11-21T03:06:13.930

SOURCES RELEASE DATE

db: VULHUB, id: VHN-100963, date: 2017-10-13T00:00:00
db: VULMON, id: CVE-2017-10622, date: 2017-10-13T00:00:00
db: BID, id: 101258, date: 2017-10-11T00:00:00
db: JVNDB, id: JVNDB-2017-009398, date: 2017-11-10T00:00:00
db: CNNVD, id: CNNVD-201710-505, date: 2017-10-18T00:00:00
db: NVD, id: CVE-2017-10622, date: 2017-10-13T17:29:01.003