CVE-2017-2320 - OpenCVE

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Juniper	Northstar Controller

Configuration 1 [-]

cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/97687	Third Party Advisory VDB Entry
https://kb.juniper.net/JSA10783	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2017-04-24T15:00:00

Updated: 2017-04-25T09:57:01

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2320

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-24T15:59:00.457

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-2320

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "NorthStar Controller Application", "vendor": "Juniper Networks", "versions": [{"status": "affected", "version": "prior to version 2.1.0 Service Pack 1"}]}], "datePublic": "2017-04-12T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."}], "problemTypes": [{"descriptions": [{"description": "vulnerability that may allow complete compromise the system's confidentiality or integrity or cause a complete denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-25T09:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA10783"}, {"name": "97687", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97687"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "ID": "CVE-2017-2320", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NorthStar Controller Application", "version": {"version_data": [{"version_value": "prior to version 2.1.0 Service Pack 1"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "vulnerability that may allow complete compromise the system's confidentiality or integrity or cause a complete denial of service"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA10783", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10783"}, {"name": "97687", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97687"}]}}}}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2017-2320", "datePublished": "2017-04-24T15:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2017-04-25T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF", "versionEndIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."}, {"lang": "es", "value": "Una vulnerabilidad en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir que un atacante no autenticado, sin privilegios y basado en la red, provoque varias denegaciones de servicio conduciendo a la divulgaci\u00f3n de informaci\u00f3n espec\u00edfica, modificaci\u00f3n de cualquier componente del sistema NorthStar, incluyendo los sistemas gestionados y la denegaci\u00f3n de servicio total de cualquier sistema bajo gesti\u00f3n con el que NorthStar interact\u00fae utilizando credenciales de solo lectura o de lectura y escritura."}], "id": "CVE-2017-2320", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-24T15:59:00.457", "references": [{"source": "sirt@juniper.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97687"}, {"source": "sirt@juniper.net", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA10783"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}