Sign-up

ID

VAR-201710-0196


CVE

CVE-2017-10623


TITLE

Juniper Networks Junos Space Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009399

DESCRIPTION

Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. Juniper Networks Junos Space Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle

Trust: 1.71

sources: NVD: CVE-2017-10623 // JVNDB: JVNDB-2017-009399 // VULHUB: VHN-100964

AFFECTED PRODUCTS

vendor:junipermodel:junos spacescope:lteversion:16.2

Trust: 1.0

vendor:junipermodel:junos spacescope:ltversion:17.1r1

Trust: 0.8

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 0.6

sources: JVNDB: JVNDB-2017-009399 // CNNVD: CNNVD-201710-504 // NVD: CVE-2017-10623

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10623
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-10623
value: HIGH

Trust: 1.0

NVD: CVE-2017-10623
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-504
value: HIGH

Trust: 0.6

VULHUB: VHN-100964
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10623
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-100964
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10623
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2017-10623
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-100964 // JVNDB: JVNDB-2017-009399 // CNNVD: CNNVD-201710-504 // NVD: CVE-2017-10623 // NVD: CVE-2017-10623

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-100964 // JVNDB: JVNDB-2017-009399 // NVD: CVE-2017-10623

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-504

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201710-504

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009399

PATCH
title:JSA10826 (CVE-2017-10623)url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10826&actp=METADATA
Trust: 0.8
title:Juniper Networks Junos Space Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75540
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009399 // 
            
            
            
            CNNVD: CNNVD-201710-504

EXTERNAL IDS
db:NVDid:CVE-2017-10623
Trust: 2.5
db:JUNIPERid:JSA10826
Trust: 1.7
db:JVNDBid:JVNDB-2017-009399
Trust: 0.8
db:CNNVDid:CNNVD-201710-504
Trust: 0.7
db:VULHUBid:VHN-100964
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100964 // 
            
            
            
            JVNDB: JVNDB-2017-009399 // 
            
            
            
            CNNVD: CNNVD-201710-504 // 
            
            
            
            NVD: CVE-2017-10623

REFERENCES
url:https://kb.juniper.net/jsa10826
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10623
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10623
Trust: 0.8
sources:
            
            
            VULHUB: VHN-100964 // 
            
            
            
            JVNDB: JVNDB-2017-009399 // 
            
            
            
            CNNVD: CNNVD-201710-504 // 
            
            
            
            NVD: CVE-2017-10623

SOURCES
db:VULHUBid:VHN-100964
db:JVNDBid:JVNDB-2017-009399
db:CNNVDid:CNNVD-201710-504
db:NVDid:CVE-2017-10623

LAST UPDATE DATE
2024-11-23T22:00:52.203000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-100964date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2017-009399date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-504date:2019-10-10T00:00:00
db:NVDid:CVE-2017-10623date:2024-11-21T03:06:14.050

SOURCES RELEASE DATE
db:VULHUBid:VHN-100964date:2017-10-13T00:00:00
db:JVNDBid:JVNDB-2017-009399date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-504date:2017-10-18T00:00:00
db:NVDid:CVE-2017-10623date:2017-10-13T17:29:01.050