CVE-2017-10604
Junos OS: SRX Series: Cluster configuration sync failures occur if the root user account is locked out
Public Exploits: 0
Descriptions
When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operation occurs, then there will be errors associated with synch or failover while the root account is locked out.

Administrators can confirm if the root account is locked out via the following command:

```
root@device> show system login lockout user root
User    Lockout start              Lockout end
root    1995-01-01 01:00:01 PDT    1995-11-01 01:31:01 PDT
```

Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D65 on SRX series; 12.3X48 prior to 12.3X48-D45 on SRX series; 15.1X49 prior to 15.1X49-D75 on SRX series.
Timeline
- 2017-06-28 CVE Reserved
- 2017-07-14 CVE Published
- 2023-05-24 EPSS Updated
- 2024-09-16 CVE Updated
CWE
- CWE-307: Improper Restriction of Excessive Authentication Attempts
References (2)
URL | Tag | Date |
---|---|---|
http://www.securitytracker.com/id/1038886 | Third Party Advisory | |
https://kb.juniper.net/JSA10806 | | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Juniper | Junos | 12.1x46 | - | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.1x46 | d10 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.1x46 | d15 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.1x46 | d20 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.1x46 | d25 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.1x46 | d30 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.1x46 | d35 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.1x46 | d40 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.1x46 | d45 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.1x46 | d50 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.1x46 | d55 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.3x48 | - | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.3x48 | d10 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.3x48 | d15 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.3x48 | d20 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.3x48 | d25 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.3x48 | d30 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.3x48 | d35 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 12.3x48 | d40 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | - | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d10 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d20 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d30 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d35 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d40 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d45 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d50 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d55 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d60 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d65 | Affected | in | Juniper | Srx | - | - | Safe |
Juniper | Junos | 15.1x49 | d70 | Affected | in | Juniper | Srx | - | - | Safe |