CVE-2017-10602
Junos OS: buffer overflow vulnerability in Junos CLI
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200.
Una vulnerabilidad de desbordamiento de búfer en la CLI de Junos OS puede permitir que un usuario autenticado local con privilegios de solo lectura y acceso a la CLI de Junos ejecute código con privilegios root. Las versiones afectadas son Juniper Networks Junos OS: versión 14.1X53 y versiones anteriores a 14.1X53-D46 en EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; Versiones 14.1X53 anteriores a 14.1X53-D130 en QFabric System; versión 14.2 y versiones anteriores a 14.2R4-S9, 14.2R6; versión 15.1 y versiones anteriores a 15.1F5, 15.1R3; versión 15.1X49 anteriores a 15.1X49-D40 en la serie SRX; versión 15.1X53 anteriores a 15.1X53-D47 en NFX150, NFX250; versión 15.1X53 anteriores a 15.1X53-D65 en la serie QFX10000; versión 15.1X53 anteriores a 15.1X53-D233 en QFX5110, QFX5200.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-06-28 CVE Reserved
- 2017-07-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100323 | Vdb Entry | |
| http://www.securitytracker.com/id/1038900 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.juniper.net/JSA10803 | 2018-07-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.1x53 Search vendor "Juniper" for product "Junos" and version "14.1x53" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | r4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 14.2 Search vendor "Juniper" for product "Junos" and version "14.2" | r5 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | a1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f2-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f2-s4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | f6 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1 Search vendor "Juniper" for product "Junos" and version "15.1" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49 Search vendor "Juniper" for product "Junos" and version "15.1x49" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49-d10 Search vendor "Juniper" for product "Junos" and version "15.1x49-d10" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49-d20 Search vendor "Juniper" for product "Junos" and version "15.1x49-d20" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49-d30 Search vendor "Juniper" for product "Junos" and version "15.1x49-d30" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x49-d35 Search vendor "Juniper" for product "Junos" and version "15.1x49-d35" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d10 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d20 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d21 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d25 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d30 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d32 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d33 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d34 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d40 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d45 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 15.1x53 Search vendor "Juniper" for product "Junos" and version "15.1x53" | d70 |
Affected
| ||||||