cvelistv5 - CVE-2017-2320

CVE-2017-2320 (GCVE-0-2017-2320)

Vulnerability from cvelistv5 – Published: 2017-04-24 15:00 – Updated: 2024-08-05 13:48

Summary

Severity ?

No CVSS data available.

CWE

vulnerability that may allow complete compromise the system's confidentiality or integrity or cause a complete denial of service

Assigner

juniper

References

URL

Tags

	https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97687	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Affected: prior to version 2.1.0 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97687",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97687"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NorthStar Controller Application",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "prior to version 2.1.0 Service Pack 1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "vulnerability that may allow complete compromise the system\u0027s confidentiality or integrity or cause a complete denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-25T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "97687",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97687"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2320",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NorthStar Controller Application",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to version 2.1.0 Service Pack 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "vulnerability that may allow complete compromise the system\u0027s confidentiality or integrity or cause a complete denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97687",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97687"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2320",
    "datePublished": "2017-04-24T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.1.0\", \"matchCriteriaId\": \"BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en Juniper Networks NorthStar Controller Application anterior a la versi\\u00f3n 2.1.0 Service Pack 1 puede permitir que un atacante no autenticado, sin privilegios y basado en la red, provoque varias denegaciones de servicio conduciendo a la divulgaci\\u00f3n de informaci\\u00f3n espec\\u00edfica, modificaci\\u00f3n de cualquier componente del sistema NorthStar, incluyendo los sistemas gestionados y la denegaci\\u00f3n de servicio total de cualquier sistema bajo gesti\\u00f3n con el que NorthStar interact\\u00fae utilizando credenciales de solo lectura o de lectura y escritura.\"}]",
      "id": "CVE-2017-2320",
      "lastModified": "2024-11-21T03:23:16.740",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-04-24T15:59:00.457",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/97687\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://kb.juniper.net/JSA10783\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97687\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://kb.juniper.net/JSA10783\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "sirt@juniper.net",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2320\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2017-04-24T15:59:00.457\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir que un atacante no autenticado, sin privilegios y basado en la red, provoque varias denegaciones de servicio conduciendo a la divulgaci\u00f3n de informaci\u00f3n espec\u00edfica, modificaci\u00f3n de cualquier componente del sistema NorthStar, incluyendo los sistemas gestionados y la denegaci\u00f3n de servicio total de cualquier sistema bajo gesti\u00f3n con el que NorthStar interact\u00fae utilizando credenciales de solo lectura o de lectura y escritura.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.1.0\",\"matchCriteriaId\":\"BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97687\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.juniper.net/JSA10783\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.juniper.net/JSA10783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2017-2320

Vulnerability from fkie_nvd - Published: 2017-04-24 15:59 - Updated: 2025-04-20 01:37

Severity ?

10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
sirt@juniper.net	http://www.securityfocus.com/bid/97687	Third Party Advisory, VDB Entry
sirt@juniper.net	https://kb.juniper.net/JSA10783	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97687	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/JSA10783	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	juniper	northstar_controller	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
              "versionEndIncluding": "2.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir que un atacante no autenticado, sin privilegios y basado en la red, provoque varias denegaciones de servicio conduciendo a la divulgaci\u00f3n de informaci\u00f3n espec\u00edfica, modificaci\u00f3n de cualquier componente del sistema NorthStar, incluyendo los sistemas gestionados y la denegaci\u00f3n de servicio total de cualquier sistema bajo gesti\u00f3n con el que NorthStar interact\u00fae utilizando credenciales de solo lectura o de lectura y escritura."
    }
  ],
  "id": "CVE-2017-2320",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-24T15:59:00.457",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97687"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10783"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2017-AVI-111

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper EX Series avec IPv6
Juniper Networks	Junos OS	Junos OS versions 15.1 et postérieures avec BGP
Juniper Networks	N/A	NorthStar Controller Application antérieures à la version 2.1.0 SP1
Juniper Networks	Junos OS	Junos OS
Juniper Networks	N/A	Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif

References

Title

Publication Time

Tags

Bulletin de sécurité JSA10776 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10778 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10781 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10785 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10780 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10783 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10786 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10777 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10784 Juniper du 12 avril 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper EX Series avec IPv6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 et post\u00e9rieures avec BGP",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller Application ant\u00e9rieures \u00e0 la version 2.1.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2017-2322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2322"
    },
    {
      "name": "CVE-2015-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
    },
    {
      "name": "CVE-2017-2316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2316"
    },
    {
      "name": "CVE-2017-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2328"
    },
    {
      "name": "CVE-2016-9131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9131"
    },
    {
      "name": "CVE-2015-1349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1349"
    },
    {
      "name": "CVE-2017-2333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2333"
    },
    {
      "name": "CVE-2015-5477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5477"
    },
    {
      "name": "CVE-2015-8158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2017-2319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2319"
    },
    {
      "name": "CVE-2013-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4450"
    },
    {
      "name": "CVE-2016-1886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1886"
    },
    {
      "name": "CVE-2016-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2017-2334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2334"
    },
    {
      "name": "CVE-2017-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2332"
    },
    {
      "name": "CVE-2017-2340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2340"
    },
    {
      "name": "CVE-2017-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2325"
    },
    {
      "name": "CVE-2015-4620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4620"
    },
    {
      "name": "CVE-2017-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2329"
    },
    {
      "name": "CVE-2017-2318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2318"
    },
    {
      "name": "CVE-2017-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2320"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2017-2330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2330"
    },
    {
      "name": "CVE-2017-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2324"
    },
    {
      "name": "CVE-2017-2317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2317"
    },
    {
      "name": "CVE-2016-1014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1014"
    },
    {
      "name": "CVE-2016-2776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2776"
    },
    {
      "name": "CVE-2015-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
    },
    {
      "name": "CVE-2015-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3209"
    },
    {
      "name": "CVE-2017-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2331"
    },
    {
      "name": "CVE-2017-2326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2326"
    },
    {
      "name": "CVE-2017-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2315"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2017-2313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2313"
    },
    {
      "name": "CVE-2017-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2323"
    },
    {
      "name": "CVE-2016-9147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9147"
    },
    {
      "name": "CVE-2017-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2327"
    },
    {
      "name": "CVE-2015-5307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
    },
    {
      "name": "CVE-2016-8864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8864"
    },
    {
      "name": "CVE-2017-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2321"
    },
    {
      "name": "CVE-2017-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2312"
    },
    {
      "name": "CVE-2016-9444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9444"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-111",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10776 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10776\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10778 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10778\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10781 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10781\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10785 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10785\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10780 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10780\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10783 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10783\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10786 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10786\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10777 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10777\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10784 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10784\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2017-AVI-111

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper EX Series avec IPv6
Juniper Networks	Junos OS	Junos OS versions 15.1 et postérieures avec BGP
Juniper Networks	N/A	NorthStar Controller Application antérieures à la version 2.1.0 SP1
Juniper Networks	Junos OS	Junos OS
Juniper Networks	N/A	Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif

References

Title

Publication Time

Tags

Bulletin de sécurité JSA10776 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10778 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10781 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10785 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10780 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10783 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10786 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10777 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10784 Juniper du 12 avril 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper EX Series avec IPv6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 et post\u00e9rieures avec BGP",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller Application ant\u00e9rieures \u00e0 la version 2.1.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2017-2322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2322"
    },
    {
      "name": "CVE-2015-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
    },
    {
      "name": "CVE-2017-2316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2316"
    },
    {
      "name": "CVE-2017-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2328"
    },
    {
      "name": "CVE-2016-9131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9131"
    },
    {
      "name": "CVE-2015-1349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1349"
    },
    {
      "name": "CVE-2017-2333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2333"
    },
    {
      "name": "CVE-2015-5477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5477"
    },
    {
      "name": "CVE-2015-8158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2017-2319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2319"
    },
    {
      "name": "CVE-2013-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4450"
    },
    {
      "name": "CVE-2016-1886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1886"
    },
    {
      "name": "CVE-2016-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2017-2334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2334"
    },
    {
      "name": "CVE-2017-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2332"
    },
    {
      "name": "CVE-2017-2340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2340"
    },
    {
      "name": "CVE-2017-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2325"
    },
    {
      "name": "CVE-2015-4620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4620"
    },
    {
      "name": "CVE-2017-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2329"
    },
    {
      "name": "CVE-2017-2318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2318"
    },
    {
      "name": "CVE-2017-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2320"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2017-2330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2330"
    },
    {
      "name": "CVE-2017-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2324"
    },
    {
      "name": "CVE-2017-2317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2317"
    },
    {
      "name": "CVE-2016-1014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1014"
    },
    {
      "name": "CVE-2016-2776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2776"
    },
    {
      "name": "CVE-2015-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
    },
    {
      "name": "CVE-2015-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3209"
    },
    {
      "name": "CVE-2017-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2331"
    },
    {
      "name": "CVE-2017-2326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2326"
    },
    {
      "name": "CVE-2017-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2315"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2017-2313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2313"
    },
    {
      "name": "CVE-2017-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2323"
    },
    {
      "name": "CVE-2016-9147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9147"
    },
    {
      "name": "CVE-2017-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2327"
    },
    {
      "name": "CVE-2015-5307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
    },
    {
      "name": "CVE-2016-8864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8864"
    },
    {
      "name": "CVE-2017-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2321"
    },
    {
      "name": "CVE-2017-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2312"
    },
    {
      "name": "CVE-2016-9444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9444"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-111",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10776 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10776\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10778 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10778\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10781 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10781\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10785 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10785\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10780 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10780\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10783 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10783\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10786 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10786\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10777 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10777\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10784 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10784\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

VAR-201704-0740

Vulnerability from variot - Updated: 2023-12-18 11:38

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. Juniper Networks NorthStar Controller Applications have vulnerabilities related to authorization, permissions, and access control.Information is obtained, tampered with, and disrupted by network-based attackers (DoS) An attack may be carried out. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. Permissions and access control vulnerabilities existed in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. An attacker could exploit the vulnerability to cause a denial of service and change components on the NorthStar system. Versions prior to Juniper NorthStar Controller Application 2.1.0 Service Pack 1 are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0740",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "northstar controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "2.1.0"
      },
      {
        "model": "northstar controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "2.1.0 service pack 1"
      },
      {
        "model": "networks northstar controller application service pack",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "2.1.01"
      },
      {
        "model": "northstar controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "2.1.0"
      },
      {
        "model": "northstar controller application",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2.1.0"
      },
      {
        "model": "northstar controller application service pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2.1.01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "BID",
        "id": "97687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "97687"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-2320",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-2320",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-07239",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-110523",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 10.0,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-2320",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2320",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-07239",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-967",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110523",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-2320",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. Juniper Networks NorthStar Controller Applications have vulnerabilities related to authorization, permissions, and access control.Information is obtained, tampered with, and disrupted by network-based attackers (DoS) An attack may be carried out. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider\u0027s transport network by establishing an open industry standard protocol. Permissions and access control vulnerabilities existed in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. An attacker could exploit the vulnerability to cause a denial of service and change components on the NorthStar system. \nVersions prior to Juniper NorthStar Controller Application 2.1.0 Service Pack 1 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "BID",
        "id": "97687"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2320",
        "trust": 3.5
      },
      {
        "db": "JUNIPER",
        "id": "JSA10783",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "97687",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "db": "BID",
        "id": "97687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ]
  },
  "id": "VAR-201704-0740",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      }
    ],
    "trust": 1.25138886
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:38:51.918000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10783",
        "trust": 0.8,
        "url": "https://kb.juniper.net/jsa10783"
      },
      {
        "title": "Patch for JuniperNetworksNorthStarControllerApplication Remote Privilege Escalation Vulnerability (CNVD-2017-07239)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/94113"
      },
      {
        "title": "Juniper Networks NorthStar Controller Application Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70241"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/97687"
      },
      {
        "trust": 2.4,
        "url": "https://kb.juniper.net/jsa10783"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2320"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2320"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10783\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "db": "BID",
        "id": "97687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "db": "BID",
        "id": "97687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "date": "2017-04-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "date": "2017-04-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "date": "2017-04-12T00:00:00",
        "db": "BID",
        "id": "97687"
      },
      {
        "date": "2017-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "date": "2017-04-24T15:59:00.457000",
        "db": "NVD",
        "id": "CVE-2017-2320"
      },
      {
        "date": "2017-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "date": "2017-04-18T00:07:00",
        "db": "BID",
        "id": "97687"
      },
      {
        "date": "2017-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-2320"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Networks NorthStar Controller Vulnerabilities related to authorization, authority, and access control in applications",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ],
    "trust": 0.6
  }
}

GHSA-JW9M-G475-84FV

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44

Details

Severity ?

10.0 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-24T15:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.",
  "id": "GHSA-jw9m-g475-84fv",
  "modified": "2022-05-13T01:44:45Z",
  "published": "2022-05-13T01:44:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2320"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10783"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97687"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-2320

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2320

Aliases

CVE-2017-2320

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2320",
    "description": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.",
    "id": "GSD-2017-2320"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2320"
      ],
      "details": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.",
      "id": "GSD-2017-2320",
      "modified": "2023-12-13T01:21:05.482020Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "ID": "CVE-2017-2320",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NorthStar Controller Application",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to version 2.1.0 Service Pack 1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Juniper Networks"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "vulnerability that may allow complete compromise the system\u0027s confidentiality or integrity or cause a complete denial of service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/JSA10783",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97687",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97687"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2320"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97687",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97687"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-04-24T15:59Z"
    }
  }
}

CNVD-2017-07239

Vulnerability from cnvd - Published: 2017-05-23

Title

Juniper Networks NorthStar Controller Application远程权限提升漏洞（CNVD-2017-07239）

Description

Juniper Networks NorthStar Controller Application是美国瞻博网络（Juniper Networks）公司的一款流量规划控制器。该控制器通过建立开放的行业标准协议来优化服务提供商的传输网络。 Juniper Networks NorthStar Controller Application 2.1.0 Service Pack 1之前的版本中存在权限许可和访问控制漏洞。攻击者可利用该漏洞造成拒绝服务，更改NorthStar系统上的组件。

Severity

高

Patch Name

Juniper Networks NorthStar Controller Application远程权限提升漏洞（CNVD-2017-07239）的补丁

Patch Description

Juniper Networks NorthStar Controller Application是美国瞻博网络（Juniper Networks）公司的一款流量规划控制器。该控制器通过建立开放的行业标准协议来优化服务提供商的传输网络。 Juniper Networks NorthStar Controller Application 2.1.0 Service Pack 1之前的版本中存在远程权限提升漏洞。攻击者可利用该漏洞造成拒绝服务，更改NorthStar系统上的组件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10783&cat=SIRT_1&actp=LIST

Reference

http://www.securityfocus.com/bid/97687 https://kb.juniper.net/JSA10783

Impacted products

Name
Juniper Networks NorthStar Controller Application <2.1.0 Service Pack 1

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97687"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2320"
    }
  },
  "description": "Juniper Networks NorthStar Controller Application\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6d41\u91cf\u89c4\u5212\u63a7\u5236\u5668\u3002\u8be5\u63a7\u5236\u5668\u901a\u8fc7\u5efa\u7acb\u5f00\u653e\u7684\u884c\u4e1a\u6807\u51c6\u534f\u8bae\u6765\u4f18\u5316\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u4f20\u8f93\u7f51\u7edc\u3002\r\n\r\nJuniper Networks NorthStar Controller Application 2.1.0 Service Pack 1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u66f4\u6539NorthStar\u7cfb\u7edf\u4e0a\u7684\u7ec4\u4ef6\u3002",
  "discovererName": "Juniper Networks",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10783\u0026cat=SIRT_1\u0026actp=LIST",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07239",
  "openTime": "2017-05-23",
  "patchDescription": "Juniper Networks NorthStar Controller Application\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6d41\u91cf\u89c4\u5212\u63a7\u5236\u5668\u3002\u8be5\u63a7\u5236\u5668\u901a\u8fc7\u5efa\u7acb\u5f00\u653e\u7684\u884c\u4e1a\u6807\u51c6\u534f\u8bae\u6765\u4f18\u5316\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u4f20\u8f93\u7f51\u7edc\u3002\r\n\r\nJuniper Networks NorthStar Controller Application 2.1.0 Service Pack 1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u66f4\u6539NorthStar\u7cfb\u7edf\u4e0a\u7684\u7ec4\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Networks NorthStar Controller Application\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2017-07239\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Juniper Networks NorthStar Controller Application \u003c2.1.0 Service Pack 1"
  },
  "referenceLink": "http://www.securityfocus.com/bid/97687\r\nhttps://kb.juniper.net/JSA10783",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-18",
  "title": "Juniper Networks NorthStar Controller Application\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2017-07239\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2320 (GCVE-0-2017-2320)

FKIE_CVE-2017-2320

CERTFR-2017-AVI-111

Solution

CERTFR-2017-AVI-111

Solution

VAR-201704-0740

GHSA-JW9M-G475-84FV

GSD-2017-2320

CNVD-2017-07239

Tags

Sightings

Nomenclature