CVE-2017-2334

CWE-200 — Information Exposure CWE-3265 documents5 sources

Severity

7.5HIGH

EPSS

0.3%

top 49.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Northstar Controller Juniper Networks Northstar Controller Application

Timeline

PublishedApr 24

Latest updateMay 17

Description

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/northstar_controller_applicationprior to version 2.1.0 Service Pack 1

▶NVDjuniper/northstar_controller2.1.0

🔴Vulnerability Details

GHSA

GHSA-ww6q-f5mv-3526: An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2↗2022-05-17

▶

CVEList

CVE-2017-2334: An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2↗2017-04-24

▶

📋Vendor Advisories

Fortinet

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Ma...↗2017-12-15

▶

Juniper

CVE-2017-2334: An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based↗2017-04-24

▶