CVE-2017-2326

CWE-200 — Information Exposure5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 48.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Northstar Controller Juniper Networks Northstar Controller Application

Timeline

PublishedApr 24

Latest updateMay 17

Description

An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/northstar_controller_applicationprior to version 2.1.0 Service Pack 1

▶NVDjuniper/northstar_controller2.1.0

🔴Vulnerability Details

GHSA

GHSA-m2vr-5r7j-g5j9: An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2↗2022-05-17

▶

Kernel

sctp: Avoid out-of-bounds reads from address storage↗2017-08-23

▶

CVEList

CVE-2017-2326: An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2↗2017-04-24

▶

📋Vendor Advisories

Juniper

CVE-2017-2326: An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unpriv↗2017-04-24

▶