CVE-2017-2308 — XML External Entity (XXE) Injection in Juniper Junos Space

CWE-611 — XML External Entity (XXE) Injection4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 48.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Space Juniper Networks Junos Space

Timeline

PublishedMay 30

Latest updateMay 17

Description

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_spaceversions prior to 16.1R1

▶NVDjuniper/junos_space16.1

🔴Vulnerability Details

GHSA

GHSA-8288-c5xc-3655: An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16↗2022-05-17

▶

CVEList

CVE-2017-2308: An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16↗2017-05-30

▶

📋Vendor Advisories

Juniper

CVE-2017-2308: An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitr↗2017-05-30

▶