CVE-2017-2321 - A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service

CVE-2017-2321

Summary

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks.

References

Vulnerable Configurations

cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	97693
confirm	https://kb.juniper.net/JSA10783

Last major update

03-10-2019 - 00:03

Published

24-04-2017 - 15:59

Last modified

03-10-2019 - 00:03