CVE-2017-2320

CWE-200 — Information Exposure4 documents4 sources

Severity

10.0CRITICAL

EPSS

0.5%

top 34.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Northstar Controller Juniper Networks Northstar Controller Application

Timeline

PublishedApr 24

Latest updateMay 13

Description

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5juniper_networks/northstar_controller_applicationprior to version 2.1.0 Service Pack 1

▶NVDjuniper/northstar_controller2.1.0

🔴Vulnerability Details

GHSA

GHSA-jw9m-g475-84fv: A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2↗2022-05-13

▶

CVEList

CVE-2017-2320: A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2↗2017-04-24

▶

📋Vendor Advisories

Juniper

CVE-2017-2320: A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged,↗2017-04-24

▶