Juniper Junos Remote Execution Vulnerability (JSA10818)

🗓️ 20 Oct 2017 00:00:00Reported by TenableType

Juniper Junos Remote Execution Vulnerability in PA

Reporter	Title	Published	Views	Family All 7
CNVD	Juniper Junos OS Denial of Service Vulnerability (CNVD-2017-33970)	19 Oct 201700:00	–	cnvd
CVE	CVE-2017-10615	13 Oct 201717:00	–	cve
Cvelist	CVE-2017-10615 Junos: Potential remote code execution vulnerability in PAM	13 Oct 201717:00	–	cvelist
EUVD	EUVD-2017-2262	7 Oct 202500:30	–	euvd
NVD	CVE-2017-10615	13 Oct 201717:29	–	nvd
OSV	CVE-2017-10615	13 Oct 201717:29	–	osv
Prion	Design/Logic Flaw	13 Oct 201717:29	–	prion

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(104038);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/22");

  script_cve_id("CVE-2017-10615");
  script_xref(name:"JSA", value:"JSA10817");

  script_name(english:"Juniper Junos Remote Execution Vulnerability (JSA10818)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Junos device
is affected by a vulnerability in the pluggable authentication module 
(PAM) of Juniper Networks Junos OS that may allow an unauthenticated network 
based attacker to potentially execute arbitrary code or crash daemons 
such as telnetd or sshd that make use of PAM.");
  # https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10818&actp=METADATA
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fb27d038");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in
Juniper advisory JSA10818.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10615");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/20");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");

  exit(0);
}

include("junos.inc");

var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var model = get_kb_item_or_exit('Host/Juniper/model');

var vuln_ranges;

if (model =~ '^EX[0-9]'|| model =~ '^QFX[0-9]')
  vuln_ranges = [{'min_ver':'14.1X53', 'fixed_ver':'14.1X53-D46'}];
else
  vuln_ranges = [
    {'min_ver':'14.1', 'fixed_ver':'14.1R8-S4'},
    {'min_ver':'14.2', 'fixed_ver':'14.2R7-S8'}
  ];

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix))
  audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);

22 Apr 2026 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 27.5

CVSS 39.8

EPSS0.01716