Lucene search

[email protected]CVE-2017-2349

HistoryJul 17, 2017 - 1:18 p.m.

CVE-2017-2349

2017-07-1713:18:24

CWE-77

[email protected]

web.nvd.nist.gov

cve-2017-2349

juniper networks

junos os

srx series

command injection

idp

security vulnerability

privilege escalation

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.9%

JSON

A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30.

Affected configurations

NVD

Node

juniperjunosMatch12.1x44

juniperjunosMatch12.1x44d10

juniperjunosMatch12.1x44d15

juniperjunosMatch12.1x44d20

juniperjunosMatch12.1x44d25

juniperjunosMatch12.1x44d30

juniperjunosMatch12.1x44d35

juniperjunosMatch12.1x44d40

juniperjunosMatch12.1x44d45

juniperjunosMatch12.1x44d50

juniperjunosMatch12.1x44d55

juniperjunosMatch12.1x46

juniperjunosMatch12.1x46d10

juniperjunosMatch12.1x46d15

juniperjunosMatch12.1x46d20

juniperjunosMatch12.1x46d25

juniperjunosMatch12.1x46d30

juniperjunosMatch12.1x46d35

juniperjunosMatch12.1x46d40

juniperjunosMatch12.1x46d45

juniperjunosMatch12.1x46d50

juniperjunosMatch12.1x46d55

juniperjunosMatch12.1x47

juniperjunosMatch12.1x47d10

juniperjunosMatch12.1x47d15

juniperjunosMatch12.1x47d20

juniperjunosMatch12.1x47d25

juniperjunosMatch12.1x47d35

juniperjunosMatch12.3x48

juniperjunosMatch12.3x48d10

juniperjunosMatch12.3x48d15

juniperjunosMatch12.3x48d30

juniperjunosMatch15.1x49d10

juniperjunosMatch15.1x49d15

juniperjunosMatch15.1x49d30

CPENameOperatorVersion
juniper:junosjuniper junoseq12.1x44
juniper:junosjuniper junoseq12.1x46
juniper:junosjuniper junoseq12.1x47
juniper:junosjuniper junoseq12.3x48
juniper:junosjuniper junoseq15.1x49

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	12.1x44
juniper:junos	juniper junos	eq	12.1x46
juniper:junos	juniper junos	eq	12.1x47
juniper:junos	juniper junos	eq	12.3x48
juniper:junos	juniper junos	eq	15.1x49

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "12.1X44 prior to 12.1X44-D60"
      },
      {
        "status": "affected",
        "version": "12.1X46 prior to 12.1X46-D50"
      },
      {
        "status": "affected",
        "version": "12.1X47 prior to 12.1X47-D30, 12.1X47-D35"
      },
      {
        "status": "affected",
        "version": "12.3X48 prior to 12.3X48-D20, 12.3X48-D30"
      },
      {
        "status": "affected",
        "version": "15.1X49 prior to 15.1X49-D20, 15.1X49-D30"
      }
    ]
  }
]

References

www.securitytracker.com/id/1038898

kb.juniper.net/JSA10801

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.9%

JSON

Related for CVE-2017-2349

cvelist1 prion1 nvd1 nessus1