CVE-2017-10623 — Improper Authentication in Juniper Junos Space

CWE-287 — Improper Authentication4 documents4 sources

Severity

8.1HIGHNVD

CNA7.1

EPSS

0.2%

top 53.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Space Juniper Networks Junos Space

Timeline

PublishedOct 13

Latest updateMay 13

Description

Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_spaceversions prior to 17.1R1

▶NVDjuniper/junos_space16.2

🔴Vulnerability Details

GHSA

GHSA-gvv4-39wq-vfhg: Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to interce↗2022-05-13

▶

CVEList

Junos Space: Insufficient verification of cluster messages↗2017-10-13

▶

📋Vendor Advisories

Juniper

CVE-2017-10623: Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to interce↗2017-10-13

▶