CNVD-2017-23949
Vulnerability from cnvd - Published: 2017-08-31
VLAI Severity ?
Title
Privilege escalation vulnerability in Junos OS on multiple Juniper products
Description
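The Juniper QFX5110 series and others are products of Juniper Networks, a US company. The QFX5110 series is a line of Ethernet switches; the Juniper vSRX series is a line of firewall emulator products; the SRX1500 series is a line of firewall appliances. Junos OS is the operating system that runs on them.
A security vulnerability exists in Junos OS versions 14.1X53, 15.1, 15.1X49 and 16.1 on multiple Juniper products. The vulnerability stems from the program not performing authentication sufficiently. An attacker can exploit it to gain access to the host operating environment and escalate privileges.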
Severity
High
Patch Name
Patch for the privilege escalation vulnerability in Junos OS on multiple Juniper products
Patch Description
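The Juniper QFX5110 series and others are products of Juniper Networks, a US company. The QFX5110 series is a line of Ethernet switches; the Juniper vSRX series is a line of firewall emulator products; the SRX1500 series is a line of firewall appliances. Junos OS is the operating system that runs on them.
A security vulnerability exists in Junos OS versions 14.1X53, 15.1, 15.1X49 and 16.1 on multiple Juniper products. The vulnerability stems from the program failing to perform authentication sufficiently. An attacker can exploit it to gain access to the host operating environment and escalate privileges. The vendor has now released a security advisory and related patch information that fix this vulnerability.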
Formal description
The vendor has released a fix for the vulnerability; please watch for updates: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787
Reference
http://securitytracker.com/id/1038893
Impacted products
| Name |
|---|
| Juniper Networks Junos OS 15.1 |
| Juniper Networks Junos OS 16.1 |
| Juniper Networks Junos OS 14.1X53 |
| Juniper Networks Junos OS 15.1X49 |
| Juniper Networks Junos OS vSRX |
| Juniper Networks Junos OS SRX1500 |
| Juniper Networks Junos OS SRX4100 |
| Juniper Networks Junos OS SRX4200 |
| Juniper Networks Junos OS QFX5110 |
| Juniper Networks Junos OS QFX5200 |
| Juniper Networks Junos OS QFX10002 |
| Juniper Networks Junos OS QFX10008 |
| Juniper Networks Junos OS QFX10016 |
| Juniper Networks Junos OS ACX5000 |
| Juniper Networks Junos OS EX4600 |
| Juniper Networks Junos OS NFX250 devices |
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-2341"
}
},
"description": "Juniper QFX5110 series\u7b49\u90fd\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002QFX5110 series\u662f\u4e00\u7cfb\u5217\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\uff1bJuniper vSRX series\u662f\u4e00\u7cfb\u5217\u9632\u706b\u5899\u6a21\u62df\u5668\u4ea7\u54c1\uff1bSRX1500 series\u662f\u4e00\u7cfb\u5217\u9632\u706b\u5899\u8bbe\u5907\u3002Junos OS\u662f\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eJuniper\u4ea7\u54c1\u4e2d\u7684Junos OS 14.1X53\u7248\u672c\uff0c15.1\u7248\u672c\uff0c15.1X49\u7248\u672c\u548c16.1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u5145\u5206\u7684\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4e3b\u673a\u64cd\u4f5c\u73af\u5883\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u63d0\u5347\u6743\u9650\u3002",
"discovererName": "Juniper Networks",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10787",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-23949",
"openTime": "2017-08-31",
"patchDescription": "Juniper QFX5110 series\u7b49\u90fd\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002QFX5110 series\u662f\u4e00\u7cfb\u5217\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\uff1bJuniper vSRX series\u662f\u4e00\u7cfb\u5217\u9632\u706b\u5899\u6a21\u62df\u5668\u4ea7\u54c1\uff1bSRX1500 series\u662f\u4e00\u7cfb\u5217\u9632\u706b\u5899\u8bbe\u5907\u3002Junos OS\u662f\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eJuniper\u4ea7\u54c1\u4e2d\u7684Junos OS 14.1X53\u7248\u672c\uff0c15.1\u7248\u672c\uff0c15.1X49\u7248\u672c\u548c16.1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4e3b\u673a\u64cd\u4f5c\u73af\u5883\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eJuniper\u4ea7\u54c1Junos OS\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Juniper Networks Junos OS 15.1",
"Juniper Networks Junos OS 16.1",
"Juniper Networks Junos OS 14.1X53",
"Juniper Networks Junos OS 15.1X49",
"Juniper Networks Junos OS vSRX",
"Juniper Networks Junos OS SRX1500",
"Juniper Networks Junos OS SRX4100",
"Juniper Networks Junos OS SRX4200",
"Juniper Networks Junos OS QFX5110",
"Juniper Networks Junos OS QFX5200",
"Juniper Networks Junos OS QFX10002",
"Juniper Networks Junos OS QFX10008",
"Juniper Networks Junos OS QFX10016",
"Juniper Networks Junos OS ACX5000",
"Juniper Networks Junos OS EX4600",
"Juniper Networks Junos OS NFX250 devices"
]
},
"referenceLink": "http://securitytracker.com/id/1038893",
"serverity": "\u9ad8",
"submitTime": "2017-07-20",
"title": "\u591a\u6b3eJuniper\u4ea7\u54c1Junos OS\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.