ID

VAR-201710-0244


CVE

CVE-2017-10612


TITLE

Cross-site scripting vulnerability in Juniper Networks Junos Space

Trust: 0.8

sources: JVNDB: JVNDB-2017-009383

DESCRIPTION

A persistent cross-site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious JavaScript or HTML, which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. Juniper Networks Junos Space contains a cross-site scripting vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to escalate privileges, steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible. The Junos Space solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. A remote attacker can exploit this vulnerability to inject malicious HTML or JavaScript code.

Trust: 1.98

sources: NVD: CVE-2017-10612 // JVNDB: JVNDB-2017-009383 // BID: 101256 // VULHUB: VHN-100952

AFFECTED PRODUCTS

vendor: juniper // model: junos space // scope: lte // version: 16.1r3

Trust: 1.0

vendor: juniper // model: junos space // scope: lt // version: 17.1r1

Trust: 0.8

vendor: juniper // model: junos space // scope: eq // version: 16.1r3

Trust: 0.6

vendor: juniper // model: junos space 16.1r1 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 15.2r2 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 15.2r1 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space // scope: eq // version: 15.2

Trust: 0.3

vendor: juniper // model: junos space 15.1r3 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 15.1r2.11 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 15.1r2 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 15.1r1 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 15.1f3 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 15.1f2 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 14.1r1.9 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 14.1r1 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 14.1.r3.4 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 13.3r4.4 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 13.3r1.9 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 13.3r1.8 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space // scope: eq // version: 13.3

Trust: 0.3

vendor: juniper // model: junos space 13.1r1.6 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 13.1r1 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 13.1p1.14 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space r1.8 // scope: eq // version: 13.1

Trust: 0.3

vendor: juniper // model: junos space // scope: eq // version: 13.1-

Trust: 0.3

vendor: juniper // model: junos space // scope: eq // version: 13.1

Trust: 0.3

vendor: juniper // model: junos space 12.3r2.8 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 12.3r1.3 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space 12.3p2.8 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space // scope: eq // version: 12.3

Trust: 0.3

vendor: juniper // model: junos space // scope: eq // version: 12.2

Trust: 0.3

vendor: juniper // model: junos space // scope: eq // version: 12.1

Trust: 0.3

vendor: juniper // model: junos space 11.4r5.5 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: junos space // scope: eq // version: 11.4

Trust: 0.3

vendor: juniper // model: junos space // scope: eq // version: 11.3

Trust: 0.3

vendor: juniper // model: junos space // scope: eq // version: 11.2

Trust: 0.3

vendor: juniper // model: junos space 17.1r1 // scope: ne // version: -

Trust: 0.3

sources: BID: 101256 // JVNDB: JVNDB-2017-009383 // CNNVD: CNNVD-201710-515 // NVD: CVE-2017-10612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10612
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-10612
value: HIGH

Trust: 1.0

NVD: CVE-2017-10612
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-515
value: HIGH

Trust: 0.6

VULHUB: VHN-100952
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10612
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-100952
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10612
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-100952 // JVNDB: JVNDB-2017-009383 // CNNVD: CNNVD-201710-515 // NVD: CVE-2017-10612 // NVD: CVE-2017-10612

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-100952 // JVNDB: JVNDB-2017-009383 // NVD: CVE-2017-10612

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-515

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201710-515

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009383

PATCH

title: JSA10826 (CVE-2017-10612) // url: https://kb.juniper.net/JSA10826

Trust: 0.8

title: Juniper Junos Space Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75551

Trust: 0.6

sources: JVNDB: JVNDB-2017-009383 // CNNVD: CNNVD-201710-515

EXTERNAL IDS

db: NVD // id: CVE-2017-10612

Trust: 2.8

db: BID // id: 101256

Trust: 2.0

db: JUNIPER // id: JSA10826

Trust: 2.0

db: JVNDB // id: JVNDB-2017-009383

Trust: 0.8

db: CNNVD // id: CNNVD-201710-515

Trust: 0.7

db: VULHUB // id: VHN-100952

Trust: 0.1

sources: VULHUB: VHN-100952 // BID: 101256 // JVNDB: JVNDB-2017-009383 // CNNVD: CNNVD-201710-515 // NVD: CVE-2017-10612

REFERENCES

url:http://www.securityfocus.com/bid/101256

Trust: 1.7

url:https://kb.juniper.net/jsa10826

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10612

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-10612

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10826&cat=sirt_advisory&actp=list

Trust: 0.3

sources: VULHUB: VHN-100952 // BID: 101256 // JVNDB: JVNDB-2017-009383 // CNNVD: CNNVD-201710-515 // NVD: CVE-2017-10612

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101256

SOURCES

db: VULHUB // id: VHN-100952
db: BID // id: 101256
db: JVNDB // id: JVNDB-2017-009383
db: CNNVD // id: CNNVD-201710-515
db: NVD // id: CVE-2017-10612

LAST UPDATE DATE

2024-11-23T22:00:52.259000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-100952 // date: 2019-10-09T00:00:00
db: BID // id: 101256 // date: 2017-10-11T00:00:00
db: JVNDB // id: JVNDB-2017-009383 // date: 2017-11-10T00:00:00
db: CNNVD // id: CNNVD-201710-515 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-10612 // date: 2024-11-21T03:06:12.633

SOURCES RELEASE DATE

db: VULHUB // id: VHN-100952 // date: 2017-10-13T00:00:00
db: BID // id: 101256 // date: 2017-10-11T00:00:00
db: JVNDB // id: JVNDB-2017-009383 // date: 2017-11-10T00:00:00
db: CNNVD // id: CNNVD-201710-515 // date: 2017-10-18T00:00:00
db: NVD // id: CVE-2017-10612 // date: 2017-10-13T17:29:00.643