CVE-2017-2309 — Sensitive Information Exposure in Juniper Junos Space

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 55.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Space Juniper Networks Junos Space

Timeline

PublishedMay 30

Latest updateMay 17

Description

On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_spaceversions prior to 16.1R1

▶NVDjuniper/junos_space16.1

🔴Vulnerability Details

GHSA

GHSA-x7wv-hq5r-rg59: On Juniper Networks Junos Space versions prior to 16↗2022-05-17

▶

CVEList

CVE-2017-2309: On Juniper Networks Junos Space versions prior to 16↗2017-05-30

▶

📋Vendor Advisories

Juniper

CVE-2017-2309: On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted↗2017-05-30

▶