CVE-2017-2332

CWE-287 — Improper Authentication5 documents5 sources

Severity

8.8HIGH

EPSS

1.1%

top 22.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Northstar Controller Juniper Networks Northstar Controller Application

Timeline

PublishedApr 24

Latest updateMay 17

Description

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/northstar_controller_applicationprior to version 2.1.0 Service Pack 1

▶NVDjuniper/northstar_controller2.1.0

🔴Vulnerability Details

GHSA

GHSA-qx2f-6ccj-5hw6: An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2↗2022-05-17

▶

CVEList

CVE-2017-2332: An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2↗2017-04-24

▶

📋Vendor Advisories

Juniper

CVE-2017-2332: An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a ma↗2017-04-24

▶

💬Community

Bugzilla

CVE-2017-18191 openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host↗2018-02-20

▶