Sign-up

ID

VAR-201710-0197


CVE

CVE-2017-10624


TITLE

Juniper Networks Junos Space Vulnerabilities related to insufficient validation of data reliability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009400

DESCRIPTION

Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. Juniper Networks Junos Space Contains vulnerabilities related to insufficient validation of data reliability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Juniper Junos Space is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle

Trust: 1.98

sources: NVD: CVE-2017-10624 // JVNDB: JVNDB-2017-009400 // BID: 101255 // VULHUB: VHN-100965

AFFECTED PRODUCTS

vendor:junipermodel:junos spacescope:lteversion:16.1

Trust: 1.0

vendor:junipermodel:junos spacescope:ltversion:17.1r1

Trust: 0.8

vendor:junipermodel:junos spacescope:eqversion:16.1

Trust: 0.6

vendor:junipermodel:junos space 16.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 15.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 15.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:15.2

Trust: 0.3

vendor:junipermodel:junos space 15.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 15.1r2.11scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 15.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 15.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 15.1f3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 15.1f2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 14.1r1.9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 14.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 14.1.r3.4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 13.3r4.4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 13.3r1.9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 13.3r1.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:13.3

Trust: 0.3

vendor:junipermodel:junos space 13.1r1.6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 13.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 13.1p1.14scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space r1.8scope:eqversion:13.1

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:13.1-

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:13.1

Trust: 0.3

vendor:junipermodel:junos space 12.3r2.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 12.3r1.3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos space 12.3p2.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:12.3

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:12.2

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:12.1

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:11.4

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:11.3

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:11.2

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:11.1

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:1.0

Trust: 0.3

vendor:junipermodel:junos space 17.1r1scope:neversion: -

Trust: 0.3

sources: BID: 101255 // JVNDB: JVNDB-2017-009400 // CNNVD: CNNVD-201710-503 // NVD: CVE-2017-10624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10624
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-10624
value: HIGH

Trust: 1.0

NVD: CVE-2017-10624
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-503
value: HIGH

Trust: 0.6

VULHUB: VHN-100965
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10624
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-100965
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10624
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-100965 // JVNDB: JVNDB-2017-009400 // CNNVD: CNNVD-201710-503 // NVD: CVE-2017-10624 // NVD: CVE-2017-10624

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.9

sources: VULHUB: VHN-100965 // JVNDB: JVNDB-2017-009400 // NVD: CVE-2017-10624

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-503

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201710-503

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009400

PATCH
title:JSA10826 (CVE-2017-10624)url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10826&actp=METADATA
Trust: 0.8
title:Juniper Junos Space Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75539
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009400 // 
            
            
            
            CNNVD: CNNVD-201710-503

EXTERNAL IDS
db:NVDid:CVE-2017-10624
Trust: 2.8
db:JUNIPERid:JSA10826
Trust: 2.0
db:BIDid:101255
Trust: 2.0
db:JVNDBid:JVNDB-2017-009400
Trust: 0.8
db:CNNVDid:CNNVD-201710-503
Trust: 0.7
db:VULHUBid:VHN-100965
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100965 // 
            
            
            
            BID: 101255 // 
            
            
            
            JVNDB: JVNDB-2017-009400 // 
            
            
            
            CNNVD: CNNVD-201710-503 // 
            
            
            
            NVD: CVE-2017-10624

REFERENCES
url:http://www.securityfocus.com/bid/101255
Trust: 1.7
url:https://kb.juniper.net/jsa10826
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10624
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10624
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/au/en/products-services/software/junos-platform/junos-space/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10826&cat=sirt_advisory&actp=list
Trust: 0.3
sources:
            
            
            VULHUB: VHN-100965 // 
            
            
            
            BID: 101255 // 
            
            
            
            JVNDB: JVNDB-2017-009400 // 
            
            
            
            CNNVD: CNNVD-201710-503 // 
            
            
            
            NVD: CVE-2017-10624

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 101255

SOURCES
db:VULHUBid:VHN-100965
db:BIDid:101255
db:JVNDBid:JVNDB-2017-009400
db:CNNVDid:CNNVD-201710-503
db:NVDid:CVE-2017-10624

LAST UPDATE DATE
2024-11-23T22:00:52.228000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-100965date:2019-10-09T00:00:00
db:BIDid:101255date:2017-10-11T00:00:00
db:JVNDBid:JVNDB-2017-009400date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-503date:2019-10-17T00:00:00
db:NVDid:CVE-2017-10624date:2024-11-21T03:06:14.163

SOURCES RELEASE DATE
db:VULHUBid:VHN-100965date:2017-10-13T00:00:00
db:BIDid:101255date:2017-10-11T00:00:00
db:JVNDBid:JVNDB-2017-009400date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-503date:2017-10-18T00:00:00
db:NVDid:CVE-2017-10624date:2017-10-13T17:29:01.080