CVE-2017-10604 — Improper Restriction of Excessive Authentication Attempts in Networks Junos OS

CWE-307 — Improper Restriction of Excessive Authentication Attempts4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 43.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +1 more

Timeline

PublishedJul 17

Latest updateMay 13

Description

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operation occurs, then there will be errors associated with synch or failover while the root account is locked out. Administrators can confirm if the root account is locked out via the following command root@dev…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶juniperjuniper/srx_series

▶CVEListV5juniper_networks/junos_os12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D45, 15.1X49 prior to 15.1X49-D75+2

▶NVDjuniper/junos12.1x46, 12.3x48, 15.1x49+2

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-jjjw-r883-r73w: When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2017-10604: When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an↗2017-07-17

▶

💬Community

Bugzilla

CVE-2016-8749 camel-jackson, camel-jacksonxml: Unmarshalling operation are vulnerable to RCE↗2017-02-09

▶