CVE-2017-10615 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

1.7%

top 17.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper EX Series +2 more

Timeline

PublishedOct 13

Latest updateMay 14

Description

A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Jun…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5juniper_networks/junos_os14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9, 14.1X53 prior to 14.1X53-D50, 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8+2

▶NVDjuniper/junos14.1, 14.1x53, 14.2+2

▶juniperjuniper/junos_os

▶juniperjuniper/ex_series

▶juniperjuniper/qfx_series

🔴Vulnerability Details

GHSA

GHSA-g5m5-p4w3-7p3m: A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to poten↗2022-05-14

▶

📋Vendor Advisories

Juniper

CVE-2017-10615: A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to poten↗2017-10-13

▶