cnvd-2017-23949
Vulnerability from cnvd
Title: 多款Juniper产品Junos OS权限提升漏洞
Description:
Juniper QFX5110 series等都是美国瞻博网络(Juniper Networks)公司的产品。QFX5110 series是一系列以太网交换机;Juniper vSRX series是一系列防火墙模拟器产品;SRX1500 series是一系列防火墙设备。Junos OS是其中的一套操作系统。
多款Juniper产品中的Junos OS 14.1X53版本,15.1版本,15.1X49版本和16.1版本中存在安全漏洞,该漏洞源于程序没有充分的执行身份验证。攻击者可利用该漏洞获取主机操作环境的访问权限,并提升权限。
Severity: 高
Patch Name: 多款Juniper产品Junos OS权限提升漏洞的补丁
Patch Description:
Juniper QFX5110 series等都是美国瞻博网络(Juniper Networks)公司的产品。QFX5110 series是一系列以太网交换机;Juniper vSRX series是一系列防火墙模拟器产品;SRX1500 series是一系列防火墙设备。Junos OS是其中的一套操作系统。
多款Juniper产品中的Junos OS 14.1X53版本,15.1版本,15.1X49版本和16.1版本中存在安全漏洞,该漏洞源于程序未能充分的执行身份验证。攻击者可利用该漏洞获取主机操作环境的访问权限,并提升权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787
Reference: http://securitytracker.com/id/1038893
Impacted products
| Name | ['Juniper Networks Junos OS 15.1', 'Juniper Networks Junos OS 16.1', 'Juniper Networks Junos OS 14.1X53', 'Juniper Networks Junos OS 15.1X49', 'Juniper Networks Junos OS vSRX', 'Juniper Networks Junos OS SRX1500', 'Juniper Networks Junos OS SRX4100', 'Juniper Networks Junos OS SRX4200', 'Juniper Networks Junos OS QFX5110', 'Juniper Networks Junos OS QFX5200', 'Juniper Networks Junos OS QFX10002', 'Juniper Networks Junos OS QFX10008', 'Juniper Networks Junos OS QFX10016', 'Juniper Networks Junos OS ACX5000', 'Juniper Networks Junos OS EX4600', 'Juniper Networks Junos OS NFX250 devices'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-2341"
}
},
"description": "Juniper QFX5110 series\u7b49\u90fd\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002QFX5110 series\u662f\u4e00\u7cfb\u5217\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\uff1bJuniper vSRX series\u662f\u4e00\u7cfb\u5217\u9632\u706b\u5899\u6a21\u62df\u5668\u4ea7\u54c1\uff1bSRX1500 series\u662f\u4e00\u7cfb\u5217\u9632\u706b\u5899\u8bbe\u5907\u3002Junos OS\u662f\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eJuniper\u4ea7\u54c1\u4e2d\u7684Junos OS 14.1X53\u7248\u672c\uff0c15.1\u7248\u672c\uff0c15.1X49\u7248\u672c\u548c16.1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u5145\u5206\u7684\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4e3b\u673a\u64cd\u4f5c\u73af\u5883\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u63d0\u5347\u6743\u9650\u3002",
"discovererName": "Juniper Networks",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10787",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-23949",
"openTime": "2017-08-31",
"patchDescription": "Juniper QFX5110 series\u7b49\u90fd\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002QFX5110 series\u662f\u4e00\u7cfb\u5217\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\uff1bJuniper vSRX series\u662f\u4e00\u7cfb\u5217\u9632\u706b\u5899\u6a21\u62df\u5668\u4ea7\u54c1\uff1bSRX1500 series\u662f\u4e00\u7cfb\u5217\u9632\u706b\u5899\u8bbe\u5907\u3002Junos OS\u662f\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eJuniper\u4ea7\u54c1\u4e2d\u7684Junos OS 14.1X53\u7248\u672c\uff0c15.1\u7248\u672c\uff0c15.1X49\u7248\u672c\u548c16.1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4e3b\u673a\u64cd\u4f5c\u73af\u5883\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eJuniper\u4ea7\u54c1Junos OS\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Juniper Networks Junos OS 15.1",
"Juniper Networks Junos OS 16.1",
"Juniper Networks Junos OS 14.1X53",
"Juniper Networks Junos OS 15.1X49",
"Juniper Networks Junos OS vSRX",
"Juniper Networks Junos OS SRX1500",
"Juniper Networks Junos OS SRX4100",
"Juniper Networks Junos OS SRX4200",
"Juniper Networks Junos OS QFX5110",
"Juniper Networks Junos OS QFX5200",
"Juniper Networks Junos OS QFX10002",
"Juniper Networks Junos OS QFX10008",
"Juniper Networks Junos OS QFX10016",
"Juniper Networks Junos OS ACX5000",
"Juniper Networks Junos OS EX4600",
"Juniper Networks Junos OS NFX250 devices"
]
},
"referenceLink": "http://securitytracker.com/id/1038893",
"serverity": "\u9ad8",
"submitTime": "2017-07-20",
"title": "\u591a\u6b3eJuniper\u4ea7\u54c1Junos OS\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…