CVE-2017-10602

EPSS 0.07%
Published 17.07.2017 13:18:18
Last modified 20.04.2025 01:37:25
Source sirt@juniper.net
Teams watchlist Login
Open Login

A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Version14.1x53

Juniper ≫ Junos Version14.2

Juniper ≫ Junos Version14.2 Updater1

Juniper ≫ Junos Version14.2 Updater2

Juniper ≫ Junos Version14.2 Updater3

Juniper ≫ Junos Version14.2 Updater4

Juniper ≫ Junos Version14.2 Updater5

Juniper ≫ Junos Version15.1

Juniper ≫ Junos Version15.1 Updatea1

Juniper ≫ Junos Version15.1 Updatef1

Juniper ≫ Junos Version15.1 Updatef2

Juniper ≫ Junos Version15.1 Updatef2-s1

Juniper ≫ Junos Version15.1 Updatef2-s2

Juniper ≫ Junos Version15.1 Updatef2-s3

Juniper ≫ Junos Version15.1 Updatef2-s4

Juniper ≫ Junos Version15.1 Updatef3

Juniper ≫ Junos Version15.1 Updatef4

Juniper ≫ Junos Version15.1 Updatef6

Juniper ≫ Junos Version15.1 Updater3

Juniper ≫ Junos Version15.1x49

Juniper ≫ Junos Version15.1x49-d10

Juniper ≫ Junos Version15.1x49-d20

Juniper ≫ Junos Version15.1x49-d30

Juniper ≫ Junos Version15.1x49-d35

Juniper ≫ Junos Version15.1x53 Updated10

Juniper ≫ Junos Version15.1x53 Updated20

Juniper ≫ Junos Version15.1x53 Updated21

Juniper ≫ Junos Version15.1x53 Updated25

Juniper ≫ Junos Version15.1x53 Updated30

Juniper ≫ Junos Version15.1x53 Updated32

Juniper ≫ Junos Version15.1x53 Updated33

Juniper ≫ Junos Version15.1x53 Updated34

Juniper ≫ Junos Version15.1x53 Updated40

Juniper ≫ Junos Version15.1x53 Updated45

Juniper ≫ Junos Version15.1x53 Updated70

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.186

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
sirt@juniper.net	7	1	5.9	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/100323

http://www.securitytracker.com/id/1038900

Third Party Advisory

VDB Entry

https://kb.juniper.net/JSA10803

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-10602

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-10602

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-10602

EUVD