CVE-2017-2329

CWE-287 — Improper Authentication5 documents5 sources

Severity

6.2MEDIUM

EPSS

0.2%

top 59.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Northstar Controller Juniper Networks Northstar Controller Application

Timeline

PublishedApr 24

Latest updateMay 17

Description

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/northstar_controller_applicationprior to version 2.1.0 Service Pack 1

▶NVDjuniper/northstar_controller2.1.0

🔴Vulnerability Details

GHSA

GHSA-r6x8-qmh8-pfm4: An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2↗2022-05-17

▶

CVEList

CVE-2017-2329: An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2↗2017-04-24

▶

📋Vendor Advisories

Juniper

CVE-2017-2329: An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an u↗2017-04-24

▶

💬Community

Bugzilla

CVE-2017-14633 libvorbis: Out-of-bounds array read in the function mapping0_forward()↗2017-10-09

▶