Juniper Junos CLI XML Privilege Escalation (JSA10805)

🗓️ 31 Jul 2017 00:00:00Reported by TenableType

Juniper Junos CLI XML Privilege Escalation vulnerability (JSA10805) allows local attackers to gain elevated privileges and execute arbitrary code as root user

Reporter	Title	Published	Views	Family All 6
CNVD	Juniper Junos Local Elevation of Privilege Vulnerability (CNVD-2015-00386)	14 Jul 201700:00	–	cnvd
CVE	CVE-2017-10603	14 Jul 201714:00	–	cve
Cvelist	CVE-2017-10603 Junos OS: Local XML Injection through CLI command can lead to privilege escalation	14 Jul 201714:00	–	cvelist
EUVD	EUVD-2017-2250	7 Oct 202500:30	–	euvd
NVD	CVE-2017-10603	17 Jul 201713:18	–	nvd
Prion	Design/Logic Flaw	17 Jul 201713:18	–	prion

Source	Link
kb	www.kb.juniper.net/InfoCenter/index
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(102080);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/22");

  script_cve_id("CVE-2017-10603");
  script_xref(name:"JSA", value:"JSA10805");

  script_name(english:"Juniper Junos CLI XML Privilege Escalation (JSA10805)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by a privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Juniper
Junos device is affected by a privilege escalation vulnerability in
the CLI component due to improper validation of user-supplied input
before being processed as XML content. A local attacker can exploit
this, via XML injection, to gain elevated privileges and execute
arbitrary code as the root user.");
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10805");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10805.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"Set to score from vendor advisory.");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/31");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2026 Tenable Network Security, Inc.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version");

  exit(0);
}

include("junos.inc");

var ver   = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');

var vuln_ranges = [
  {'min_ver':'15.1X53', 'fixed_ver':'15.1X53-D47'},
  {'min_ver':'15.1', 'fixed_ver':'15.1R3'}
];

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix))
  audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);

22 Apr 2026 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 27.2

CVSS 37 - 7.8

EPSS0.0009