CVE-2017-10603XML Injection (aka Blind XPath Injection) in Networks Junos OS

CWE-91XML Injection (aka Blind XPath Injection)3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 74.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Juniper Networks Junos OSJuniper JunosJuniper Junos OS
Timeline
PublishedJul 17
Latest updateMay 13

Description

An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5juniper_networks/junos_os15.1 prior to 15.1R3, 15.1X53 prior to 15.1X53-D47+1
NVDjuniper/junos15.1, 15.1x53+1

🔴Vulnerability Details

1
GHSA
GHSA-62hx-72qc-gr7j: An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root use2022-05-13

📋Vendor Advisories

1
Juniper
CVE-2017-10603: An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root use2017-07-17
CVE-2017-10603 — Networks Junos OS vulnerability | cvebase