Search criteria
57 vulnerabilities found for northstar_controller by juniper
FKIE_CVE-2017-2322
Vulnerability from fkie_nvd - Published: 2017-04-24 18:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97613 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97613 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services."
},
{
"lang": "es",
"value": "Una vulnerabilidad de denegaci\u00f3n de servicio en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1, puede permitir que un usuario autenticado provoque denegaciones de servicio generalizadas a los servicios del sistema consumiendo puertos TCP y UDP que normalmente est\u00e1n reservados para otros servicios del sistema."
}
],
"id": "CVE-2017-2322",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T18:59:00.587",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97613"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2328
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97617 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97617 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller."
},
{
"lang": "es",
"value": "Una vulnerabilidad de fuga de informaci\u00f3n en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un usuario autenticado, no privilegiado, elevar sus permisos a trav\u00e9s de la lectura de informaci\u00f3n no privilegiada almacenada en el controlador NorthStar."
}
],
"id": "CVE-2017-2328",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.660",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97617"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2317
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97652 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97652 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker."
},
{
"lang": "es",
"value": "Una vulnerabilidad de denegaci\u00f3n de servicio en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir que un atacante no autenticado, sin privilegios y basado en la red, provoque denegaciones de servicio a las tablas de bases de datos subyacentes conduciendo a la divulgaci\u00f3n potencial de informaci\u00f3n, modificaci\u00f3n de estados del sistema y una denegaci\u00f3n de parcial a completa de los servicios basados en los datos modificados por un atacante."
}
],
"id": "CVE-2017-2317",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.333",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97652"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2332
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97624 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97624 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n insuficiente en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un atacante malicioso, no autenticado basado en red, realizar acciones privilegiadas para obtener un control total sobre el entorno."
}
],
"id": "CVE-2017-2332",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.770",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97624"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2326
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97691 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97691 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un atacante no privilegiado, autenticado y basado en la red, reproducir la VM subyacente del SO Junos y todos los datos que mantiene en su sistema local para an\u00e1lisis futuro."
}
],
"id": "CVE-2017-2326",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.597",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97691"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2318
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97660 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97660 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir que un usuario malicioso autenticado lea archivos de registro lo que comprometer\u00e1 la integridad del sistema o proporcionar\u00e1 elevaci\u00f3n de privilegios."
}
],
"id": "CVE-2017-2318",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.363",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97660"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2329
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97614 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97614 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n insuficiente en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un usuario autenticado, no privilegiado, ejecutar determinados archivos espec\u00edficos del sistema no privilegiados capaces de provocar denegaciones generalizadas de los servicios del sistema."
}
],
"id": "CVE-2017-2329",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.677",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97614"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2319
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97659 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97659 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un atacante malicioso comprometer los sistemas de confidencialidad o integridad sin autenticaci\u00f3n, conduciendo a que los sistemas gestionados se vean comprometidos o que se denieguen servicios a usuarios finales aut\u00e9nticos y sistemas como resultado."
}
],
"id": "CVE-2017-2319",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.393",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97659"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2330
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97618 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97618 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services."
},
{
"lang": "es",
"value": "Una vulnerabilidad de denegaci\u00f3n de servicio en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un usuario local, no autenticado, crear un escenario de bomba fork, tambi\u00e9n conocido como virus de conejo, o wabbir, lo que crear\u00e1 procesos que se replican ellos mismos, hasta que todos los recursos se consuman en el sistema, conduciendo a una denegaci\u00f3n de servicio a todo el sistema hasta que se reinicie. Los ataques continuos de un usuario local no autenticado pueden llevar a denegaciones de servicios persistentes."
}
],
"id": "CVE-2017-2330",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.707",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97618"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-834"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2324
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97604 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97604 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un atacante malicioso basado en la red, provocar una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"id": "CVE-2017-2324",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.550",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97604"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2323
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97600 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97600 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service."
},
{
"lang": "es",
"value": "Una vulnerabilidad de denegaci\u00f3n de servicio en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un atacante malicioso manipular paquetes destinados al dispositivo para provocar una denegaci\u00f3n de servicio persistente al servicio de servidor de c\u00e1lculo de ruta."
}
],
"id": "CVE-2017-2323",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.520",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97600"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2320
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97687 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97687 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir que un atacante no autenticado, sin privilegios y basado en la red, provoque varias denegaciones de servicio conduciendo a la divulgaci\u00f3n de informaci\u00f3n espec\u00edfica, modificaci\u00f3n de cualquier componente del sistema NorthStar, incluyendo los sistemas gestionados y la denegaci\u00f3n de servicio total de cualquier sistema bajo gesti\u00f3n con el que NorthStar interact\u00fae utilizando credenciales de solo lectura o de lectura y escritura."
}
],
"id": "CVE-2017-2320",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.457",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97687"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2334
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97616 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97616 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de fuga de informaci\u00f3n en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un atacante malicioso basado en red realizar un ataque man-in-the-middle, robando credenciales aut\u00e9nticas de rutas cifradas que son f\u00e1cilmente descifrables y posteriormente obtener el control completo del sistema."
}
],
"id": "CVE-2017-2334",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.817",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97616"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2325
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97602 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97602 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un usuario malicioso autenticado provocar un desbordamiento de b\u00fafer conduciendo a una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2017-2325",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.567",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97602"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2331
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97619 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97619 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service."
},
{
"lang": "es",
"value": "Una vulnerabilidad de elusi\u00f3n de cortafuegos en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un atacante malicioso basado en red, eludir las pol\u00edticas de firewall, conduciendo a m\u00e9todos de elusi\u00f3n de autenticaci\u00f3n, divulgaci\u00f3n de informaci\u00f3n, modificaci\u00f3n de archivos del sistema y denegaciones de servicio."
}
],
"id": "CVE-2017-2331",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.737",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97619"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2321
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97693 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97693 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks."
},
{
"lang": "es",
"value": "Una vulnerabilidad en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un atacante no autenticado, sin privilegios y basado en la red, provocar varias denegaciones de servicio parciales o totales de los servicios del sistema, modificaci\u00f3n de estados y archivos del sistema y divulgaci\u00f3n potencial de informaci\u00f3n sensible que puede ayudar al atacante en ataques adicionales al sistema mediante el uso de m\u00faltiples vectores de ataque, incluyendo ataques man-in-the-middle, inyecciones de archivos y ejecuci\u00f3n maliciosa de comandos que provocan condiciones de memoria fuera de l\u00edmites conduciendo a otros ataques."
}
],
"id": "CVE-2017-2321",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.473",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97693"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2333
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97608 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97608 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server."
},
{
"lang": "es",
"value": "Una vulnerabilidad de denegaci\u00f3n de servicio persistente en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un atacante malicioso, no autenticado basado en red, consumir suficientes recursos del sistema para provocar una denegaci\u00f3n de servicio persistente visitando determinadas URLs espec\u00edficas en el servidor."
}
],
"id": "CVE-2017-2333",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.787",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97608"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2316
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97601 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97601 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un usuario malicioso autenticado provocar un desbordamiento de b\u00fafer conduciendo a una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2017-2316",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.300",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97601"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2327
Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | http://www.securityfocus.com/bid/97609 | Third Party Advisory, VDB Entry | |
| sirt@juniper.net | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97609 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10783 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | northstar_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
"versionEndIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of system resources leading to a cascading denial of services."
},
{
"lang": "es",
"value": "Una vulnerabilidad de denegaci\u00f3n de servicio en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir a un usuario malicioso autenticado consumir grandes cantidades de recursos del sistema conduciendo a una denegaci\u00f3n de servicios en cascada."
}
],
"id": "CVE-2017-2327",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T15:59:00.630",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97609"
},
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA10783"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-2322 (GCVE-0-2017-2322)
Vulnerability from cvelistv5 – Published: 2017-04-24 18:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.
Severity ?
No CVSS data available.
CWE
- denial of service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2322",
"datePublished": "2017-04-24T18:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2334 (GCVE-0-2017-2334)
Vulnerability from cvelistv5 – Published: 2017-04-24 15:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system.
Severity ?
No CVSS data available.
CWE
- information leak
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97616",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97616"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97616",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97616"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97616"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2334",
"datePublished": "2017-04-24T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2332 (GCVE-0-2017-2332)
Vulnerability from cvelistv5 – Published: 2017-04-24 15:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment.
Severity ?
No CVSS data available.
CWE
- insufficient authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97624",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insufficient authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97624",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2332",
"datePublished": "2017-04-24T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2321 (GCVE-0-2017-2321)
Vulnerability from cvelistv5 – Published: 2017-04-24 15:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks.
Severity ?
No CVSS data available.
CWE
- denials of services, modification of system states and files, and potential disclosure of sensitive information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97693",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denials of services, modification of system states and files, and potential disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97693",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denials of services, modification of system states and files, and potential disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2321",
"datePublished": "2017-04-24T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2320 (GCVE-0-2017-2320)
Vulnerability from cvelistv5 – Published: 2017-04-24 15:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.
Severity ?
No CVSS data available.
CWE
- vulnerability that may allow complete compromise the system's confidentiality or integrity or cause a complete denial of service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97687",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97687"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "vulnerability that may allow complete compromise the system\u0027s confidentiality or integrity or cause a complete denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97687",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97687"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "vulnerability that may allow complete compromise the system\u0027s confidentiality or integrity or cause a complete denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97687"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2320",
"datePublished": "2017-04-24T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2318 (GCVE-0-2017-2318)
Vulnerability from cvelistv5 – Published: 2017-04-24 15:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges.
Severity ?
No CVSS data available.
CWE
- read log files, compromise the integrity of the system or elevation of privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97660",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "read log files, compromise the integrity of the system or elevation of privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97660",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the integrity of the system, or provide elevation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "read log files, compromise the integrity of the system or elevation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2318",
"datePublished": "2017-04-24T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2322 (GCVE-0-2017-2322)
Vulnerability from nvd – Published: 2017-04-24 18:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.
Severity ?
No CVSS data available.
CWE
- denial of service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2322",
"datePublished": "2017-04-24T18:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2334 (GCVE-0-2017-2334)
Vulnerability from nvd – Published: 2017-04-24 15:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system.
Severity ?
No CVSS data available.
CWE
- information leak
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97616",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97616"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97616",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97616"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97616"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2334",
"datePublished": "2017-04-24T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2332 (GCVE-0-2017-2332)
Vulnerability from nvd – Published: 2017-04-24 15:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment.
Severity ?
No CVSS data available.
CWE
- insufficient authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97624",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insufficient authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97624",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2332",
"datePublished": "2017-04-24T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2321 (GCVE-0-2017-2321)
Vulnerability from nvd – Published: 2017-04-24 15:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks.
Severity ?
No CVSS data available.
CWE
- denials of services, modification of system states and files, and potential disclosure of sensitive information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97693",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denials of services, modification of system states and files, and potential disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97693",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denials of services, modification of system states and files, and potential disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2321",
"datePublished": "2017-04-24T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2320 (GCVE-0-2017-2320)
Vulnerability from nvd – Published: 2017-04-24 15:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.
Severity ?
No CVSS data available.
CWE
- vulnerability that may allow complete compromise the system's confidentiality or integrity or cause a complete denial of service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | NorthStar Controller Application |
Affected:
prior to version 2.1.0 Service Pack 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97687",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97687"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NorthStar Controller Application",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.0 Service Pack 1"
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "vulnerability that may allow complete compromise the system\u0027s confidentiality or integrity or cause a complete denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-25T09:57:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97687",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97687"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "vulnerability that may allow complete compromise the system\u0027s confidentiality or integrity or cause a complete denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97687"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2017-2320",
"datePublished": "2017-04-24T15:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}