CVE-2017-2309 - OpenCVE

On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Juniper	Junos Space

Configuration 1 [-]

cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/98750	Third Party Advisory VDB Entry
https://kb.juniper.net/JSA10770	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2017-05-30T14:00:00

Updated: 2017-05-31T09:57:01

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2309

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-05-30T14:29:01.050

Modified: 2017-06-09T14:54:10.840

Link: CVE-2017-2309

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "Junos Space", "vendor": "Juniper Networks", "versions": [{"status": "affected", "version": "versions prior to 16.1R1"}]}], "datePublic": "2017-01-11T00:00:00", "descriptions": [{"lang": "en", "value": "On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk."}], "problemTypes": [{"descriptions": [{"description": "information leak vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-31T09:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"name": "98750", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98750"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA10770"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "ID": "CVE-2017-2309", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos Space", "version": {"version_data": [{"version_value": "versions prior to 16.1R1"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information leak vulnerability"}]}]}, "references": {"reference_data": [{"name": "98750", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98750"}, {"name": "https://kb.juniper.net/JSA10770", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10770"}]}}}}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2017-2309", "datePublished": "2017-05-30T14:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2017-05-31T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4B7AAA8-3D94-452C-A72E-E2A2F4840C95", "versionEndIncluding": "16.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk."}, {"lang": "es", "value": "En Junos Space anterior a versi\u00f3n 16.1R1 de Juniper Networks, cuando la autenticaci\u00f3n basada en certificados est\u00e1 habilitada para el cl\u00faster de Junos Space, algunos servicios web restringidos son accesibles por medio de la red. Esto representa un riesgo de filtrado de informaci\u00f3n."}], "id": "CVE-2017-2309", "lastModified": "2017-06-09T14:54:10.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-30T14:29:01.050", "references": [{"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98750"}, {"source": "sirt@juniper.net", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA10770"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}