JuniperCVELIST:CVE-2017-10617CVE-2017-10617 Contrail: XML External Entity (XXE) vulnerability
5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.0%
The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
CNA Affected
[
{
"vendor": "Juniper Networks",
"product": "Contrail",
"versions": [
{
"version": "2.2",
"status": "affected",
"lessThan": "2.21.4",
"versionType": "custom"
},
{
"version": "3.0",
"status": "affected",
"lessThan": "3.0.3.4",
"versionType": "custom"
},
{
"version": "3.1",
"status": "affected",
"lessThan": "3.1.4.0",
"versionType": "custom"
},
{
"version": "3.2",
"status": "affected",
"lessThan": "3.2.5.0",
"versionType": "custom"
}
]
}
]Related
5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.0%