CVE-2017-10606

EPSS 0.05%
Published 13.10.2017 17:29:00
Last modified 20.04.2025 01:37:25
Source sirt@juniper.net
Teams watchlist Login
Open Login

Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue.

Affected products Warnungen 0 Metrics 4 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Trusted Platform Module Firmware Version4.40

   Juniper ≫ Srx300 Version-
   Juniper ≫ Srx320 Version-
   Juniper ≫ Srx340 Version-
   Juniper ≫ Srx345 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.132

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
sirt@juniper.net	4.4	0.8	3.6	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

https://kb.juniper.net/JSA10809

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-10606

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-10606

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-10606

EUVD