CVE-2017-10601 — Improper Authentication in Networks Junos OS

CWE-287 — Improper Authentication3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 37.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedJul 17

Latest updateMay 13

Description

A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit fail…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os8 versions+7

▶NVDjuniper/junos8 versions+7

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-8vp7-j7jr-rqp7: A specific device configuration can result in a commit failure condition↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2017-10601: A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password↗2017-07-17

▶