CVE-2017-10603

EPSS 0.09%
Veröffentlicht 17.07.2017 13:18:18
Zuletzt bearbeitet 13.05.2026 00:24:29
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

Junos OS: Local XML Injection through CLI command can lead to privilege escalation

An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 25 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Version15.1x53

Juniper ≫ Junos Version15.1x53 Updated10

Juniper ≫ Junos Version15.1x53 Updated20

Juniper ≫ Junos Version15.1x53 Updated21

Juniper ≫ Junos Version15.1x53 Updated25

Juniper ≫ Junos Version15.1x53 Updated30

Juniper ≫ Junos Version15.1x53 Updated32

Juniper ≫ Junos Version15.1x53 Updated33

Juniper ≫ Junos Version15.1x53 Updated34

Juniper ≫ Junos Version15.1x53 Updated40

Juniper ≫ Junos Version15.1x53 Updated45

Juniper ≫ Junos Version15.1

Juniper ≫ Junos Version15.1 Updatea1

Juniper ≫ Junos Version15.1 Updatef1

Juniper ≫ Junos Version15.1 Updatef2

Juniper ≫ Junos Version15.1 Updatef2-s1

Juniper ≫ Junos Version15.1 Updatef2-s2

Juniper ≫ Junos Version15.1 Updatef2-s3

Juniper ≫ Junos Version15.1 Updatef2-s4

Juniper ≫ Junos Version15.1 Updatef3

Juniper ≫ Junos Version15.1 Updatef4

Juniper ≫ Junos Version15.1 Updatef6

Juniper ≫ Junos Version15.1 Updatef7

Juniper ≫ Junos Version15.1 Updater1

Juniper ≫ Junos Version15.1 Updater2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.264

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
sirt@juniper.net	7	1	5.9	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-91 XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

http://www.securitytracker.com/id/1038901

Third Party Advisory

VDB Entry

https://kb.juniper.net/JSA10805

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-10603

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-10603

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-10603

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-10603