CVE-2017-10624 — Insufficient Verification of Data Authenticity in Juniper Junos Space

CWE-345 — Insufficient Verification of Data Authenticity4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 73.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Space Juniper Networks Junos Space

Timeline

PublishedOct 13

Latest updateMay 13

Description

Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_spaceversions prior to 17.1R1

▶NVDjuniper/junos_space16.1

🔴Vulnerability Details

GHSA

GHSA-vqmj-9mfq-wgjj: Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized mod↗2022-05-13

▶

CVEList

Junos Space: Insufficient verification of node certificates.↗2017-10-13

▶

📋Vendor Advisories

Juniper

CVE-2017-10624: Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized mod↗2017-10-13

▶