CVE-2017-2328

CWE-200Information ExposureCWE-3547 documents6 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 83.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Northstar ControllerJuniper Networks Northstar Controller Application
Timeline
PublishedApr 24
Latest updateMay 17

Description

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/northstar_controller_applicationprior to version 2.1.0 Service Pack 1

🔴Vulnerability Details

2
GHSA
GHSA-pccg-qq7f-c364: An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 22022-05-17
CVEList
CVE-2017-2328: An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 22017-04-24

📋Vendor Advisories

1
Juniper
CVE-2017-2328: An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged2017-04-24

💬Community

1
Bugzilla
CVE-2017-14632 libvorbis: Invalid freeing of uninitialized memory in the function vorbis_analysis_headerout()2017-10-09