CVE-2017-10601
Junos OS: Insufficient authentication for user login when a specific system configuration error occurs.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2.
Una configuración de dispositivo específica puede resultar en una condición de fallo de confirmación. Cuando esto ocurre, un usuario inicia sesión sin ser solicitada una contraseña mientras intenta iniciar sesión por medio de la consola, ssh, ftp, telnet o su, etc., Este problema se basa en una condición previa de configuración del dispositivo para presentarse. Típicamente, las configuraciones de dispositivo son el resultado de un cambio administrativo de confianza en la configuración en ejecución del sistema. Los siguientes mensajes de error se pueden visualizar cuando éste fallo se presenta: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. Si no se realizan los cambios administrativos que resultan en un fallo, entonces este problema no se visualiza. Ningún otro producto o plataforma de Juniper Networks se ve afectado por este problema. Las versiones afectadas son Juniper Networks Junos OS versión 12.3 anterior a 12.3R10, 12.3R11; versión 12.3X48 anterior a 12.3X48-D20; versión 13.2 anterior a 13.2R8; versión 13.3 anterior a 13.3R7; versión 14.1 anterior a 14.1R4-S12, 14.1R5, 14.1R6; versión 14.1X53 anterior a 14.1X53-D30; versión 14.2 anterior a 14.2R4; versión 15.1 anterior a 15.1F2, 15.1F3, 15.1R2.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-28 CVE Reserved
- 2017-07-14 CVE Published
- 2023-05-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1038902 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.juniper.net/JSA10802 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | r11 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | r4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | r5 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | r6 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | r7 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | r8 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3 Search vendor "Juniper" for product "Junos" and version "12.3" | r9 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3x48 Search vendor "Juniper" for product "Junos" and version "12.3x48" | d10 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 12.3x48 Search vendor "Juniper" for product "Junos" and version "12.3x48" | d15 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.2 Search vendor "Juniper" for product "Junos" and version "13.2" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.2 Search vendor "Juniper" for product "Junos" and version "13.2" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.2 Search vendor "Juniper" for product "Junos" and version "13.2" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.2 Search vendor "Juniper" for product "Junos" and version "13.2" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.2 Search vendor "Juniper" for product "Junos" and version "13.2" | r4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.2 Search vendor "Juniper" for product "Junos" and version "13.2" | r5 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.2 Search vendor "Juniper" for product "Junos" and version "13.2" | r6 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.2 Search vendor "Juniper" for product "Junos" and version "13.2" | r7 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.2 Search vendor "Juniper" for product "Junos" and version "13.2" | r7-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.2 Search vendor "Juniper" for product "Junos" and version "13.2" | r7-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.3 Search vendor "Juniper" for product "Junos" and version "13.3" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.3 Search vendor "Juniper" for product "Junos" and version "13.3" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.3 Search vendor "Juniper" for product "Junos" and version "13.3" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.3 Search vendor "Juniper" for product "Junos" and version "13.3" | r4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.3 Search vendor "Juniper" for product "Junos" and version "13.3" | r5 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 13.3 Search vendor "Juniper" for product "Junos" and version "13.3" | r6 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1 Search vendor "Juniper" for product "Junos" and version "14.1" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1 Search vendor "Juniper" for product "Junos" and version "14.1" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1 Search vendor "Juniper" for product "Junos" and version "14.1" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1 Search vendor "Juniper" for product "Junos" and version "14.1" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1 Search vendor "Juniper" for product "Junos" and version "14.1" | r4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1 Search vendor "Juniper" for product "Junos" and version "14.1" | r5 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1 Search vendor "Juniper" for product "Junos" and version "14.1" | r6 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1x53 Search vendor "Juniper" for product "Junos" and version "14.1x53" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1x53 Search vendor "Juniper" for product "Junos" and version "14.1x53" | d10 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1x53 Search vendor "Juniper" for product "Junos" and version "14.1x53" | d15 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1x53 Search vendor "Juniper" for product "Junos" and version "14.1x53" | d16 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1x53 Search vendor "Juniper" for product "Junos" and version "14.1x53" | d25 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1x53 Search vendor "Juniper" for product "Junos" and version "14.1x53" | d26 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1x53 Search vendor "Juniper" for product "Junos" and version "14.1x53" | d27 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | r4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | r2 |
Affected
| ||||||