Vulnerability Name: CVE-2017-10603 (CCN-128494)
Assigned: 2017-07-13
Published: 2017-07-13
Updated: 2019-10-09
Summary: An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue.
CVSS v3 Severity:
  7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity:
  7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-91
Vulnerability Consequences: Gain Privileges
References:
  Source: MITRE Type: CNA
    CVE-2017-10603
  Source: SECTRACK Type: Third Party Advisory, VDB Entry
    1038901
  Source: XF Type: UNKNOWN
    juniper-cve201710603-cmd-exec(128494)
  Source: CCN Type: Juniper Networks Security Bulletin JSA10805
    Local XML Injection through CLI command can lead to privilege escalation (CVE-2017-10603)
  Source: CONFIRM Type: Vendor Advisory
    https://kb.juniper.net/JSA10805
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable