Details of VAR-201710-0247

ID

VAR-201710-0247

CVE

CVE-2017-10615

TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009386

DESCRIPTION

A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue. Juniper Networks Junos OS Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The operating system provides a secure programming interface and Junos SDK. The pluggable authentication module (PAM) is one of the authentication modules. A security vulnerability exists in PAM in Juniper Junos OS Release 14.1, 14.1X53, and 14.2

Trust: 1.71

sources: NVD: CVE-2017-10615 // JVNDB: JVNDB-2017-009386 // VULHUB: VHN-100955

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	14.2	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	lt	version:	14.2r3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1r5	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.2r8	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1x53 (ex/qfx series )	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1r9	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.2 from 14.2r7-s8	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1 from 14.1r8-s4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x53-d50	Trust: 0.8

sources: JVNDB: JVNDB-2017-009386 // CNNVD: CNNVD-201710-512 // NVD: CVE-2017-10615

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-10615
value:	CRITICAL
Trust: 1.0
sirt@juniper.net:	CVE-2017-10615
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-10615
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201710-512
value:	HIGH
Trust: 0.6
VULHUB:	VHN-100955
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-10615
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-100955
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-10615
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-100955 // JVNDB: JVNDB-2017-009386 // CNNVD: CNNVD-201710-512 // NVD: CVE-2017-10615 // NVD: CVE-2017-10615

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-100955 // JVNDB: JVNDB-2017-009386 // NVD: CVE-2017-10615

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-512

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201710-512

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009386

PATCH

title:	JSA10818	url:	https://kb.juniper.net/JSA10818	Trust: 0.8
title:	Juniper Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75548	Trust: 0.6

sources: JVNDB: JVNDB-2017-009386 // CNNVD: CNNVD-201710-512

EXTERNAL IDS

db:	NVD	id:	CVE-2017-10615	Trust: 2.5
db:	JUNIPER	id:	JSA10818	Trust: 1.7
db:	SECTRACK	id:	1040039	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-009386	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-512	Trust: 0.7
db:	VULHUB	id:	VHN-100955	Trust: 0.1

sources: VULHUB: VHN-100955 // JVNDB: JVNDB-2017-009386 // CNNVD: CNNVD-201710-512 // NVD: CVE-2017-10615

REFERENCES

url:	https://kb.juniper.net/jsa10818	Trust: 1.7
url:	http://www.securitytracker.com/id/1040039	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10615	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10615	Trust: 0.8

sources: VULHUB: VHN-100955 // JVNDB: JVNDB-2017-009386 // CNNVD: CNNVD-201710-512 // NVD: CVE-2017-10615

SOURCES

db:	VULHUB	id:	VHN-100955
db:	JVNDB	id:	JVNDB-2017-009386
db:	CNNVD	id:	CNNVD-201710-512
db:	NVD	id:	CVE-2017-10615

LAST UPDATE DATE

2024-08-14T15:18:37.368000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-100955	date:	2018-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-009386	date:	2017-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201710-512	date:	2017-10-18T00:00:00
db:	NVD	id:	CVE-2017-10615	date:	2018-01-05T02:31:28.230

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-100955	date:	2017-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2017-009386	date:	2017-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201710-512	date:	2017-10-18T00:00:00
db:	NVD	id:	CVE-2017-10615	date:	2017-10-13T17:29:00.753