cvelistv5 - cve-2017-2320

CVE-2017-2320 (GCVE-0-2017-2320)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

vulnerability that may allow complete compromise the system's confidentiality or integrity or cause a complete denial of service

Summary

References

URL

	Vendor	Product	Version
	Juniper Networks	NorthStar Controller Application	Version: prior to version 2.1.0 Service Pack 1

fkie_cve-2017-2320

Vulnerability from fkie_nvd

Published

2017-04-24 15:59

Modified

2025-04-20 01:37

Severity ?

10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
sirt@juniper.net	http://www.securityfocus.com/bid/97687	Third Party Advisory, VDB Entry
sirt@juniper.net	https://kb.juniper.net/JSA10783	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97687	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/JSA10783	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	juniper	northstar_controller	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBCC1859-771C-44AC-A4C1-AAA6A5E6C1BF",
              "versionEndIncluding": "2.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Juniper Networks NorthStar Controller Application anterior a la versi\u00f3n 2.1.0 Service Pack 1 puede permitir que un atacante no autenticado, sin privilegios y basado en la red, provoque varias denegaciones de servicio conduciendo a la divulgaci\u00f3n de informaci\u00f3n espec\u00edfica, modificaci\u00f3n de cualquier componente del sistema NorthStar, incluyendo los sistemas gestionados y la denegaci\u00f3n de servicio total de cualquier sistema bajo gesti\u00f3n con el que NorthStar interact\u00fae utilizando credenciales de solo lectura o de lectura y escritura."
    }
  ],
  "id": "CVE-2017-2320",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-24T15:59:00.457",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97687"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10783"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2017-2320

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-2320

Aliases

CVE-2017-2320

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2320",
    "description": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.",
    "id": "GSD-2017-2320"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2320"
      ],
      "details": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.",
      "id": "GSD-2017-2320",
      "modified": "2023-12-13T01:21:05.482020Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "ID": "CVE-2017-2320",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NorthStar Controller Application",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to version 2.1.0 Service Pack 1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Juniper Networks"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "vulnerability that may allow complete compromise the system\u0027s confidentiality or integrity or cause a complete denial of service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/JSA10783",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "97687",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97687"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2320"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "97687",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97687"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-04-24T15:59Z"
    }
  }
}

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper EX Series avec IPv6
Juniper Networks	Junos OS	Junos OS versions 15.1 et postérieures avec BGP
Juniper Networks	N/A	NorthStar Controller Application antérieures à la version 2.1.0 SP1
Juniper Networks	Junos OS	Junos OS
Juniper Networks	N/A	Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif

References

Title

Publication Time

ghsa-jw9m-g475-84fv

Vulnerability from github

Published

2022-05-13 01:44

Modified

2022-05-13 01:44

Severity ?

10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-24T15:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.",
  "id": "GHSA-jw9m-g475-84fv",
  "modified": "2022-05-13T01:44:45Z",
  "published": "2022-05-13T01:44:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2320"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10783"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97687"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2017-07239

Vulnerability from cnvd

Title

Juniper Networks NorthStar Controller Application远程权限提升漏洞（CNVD-2017-07239）

Description

Juniper Networks NorthStar Controller Application是美国瞻博网络（Juniper Networks）公司的一款流量规划控制器。该控制器通过建立开放的行业标准协议来优化服务提供商的传输网络。 Juniper Networks NorthStar Controller Application 2.1.0 Service Pack 1之前的版本中存在权限许可和访问控制漏洞。攻击者可利用该漏洞造成拒绝服务，更改NorthStar系统上的组件。

Severity

高

Patch Name

Juniper Networks NorthStar Controller Application远程权限提升漏洞（CNVD-2017-07239）的补丁

Patch Description

Juniper Networks NorthStar Controller Application是美国瞻博网络（Juniper Networks）公司的一款流量规划控制器。该控制器通过建立开放的行业标准协议来优化服务提供商的传输网络。 Juniper Networks NorthStar Controller Application 2.1.0 Service Pack 1之前的版本中存在远程权限提升漏洞。攻击者可利用该漏洞造成拒绝服务，更改NorthStar系统上的组件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10783&cat=SIRT_1&actp=LIST

Reference

http://www.securityfocus.com/bid/97687 https://kb.juniper.net/JSA10783

Impacted products

Name
Juniper Networks NorthStar Controller Application <2.1.0 Service Pack 1

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97687"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2320"
    }
  },
  "description": "Juniper Networks NorthStar Controller Application\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6d41\u91cf\u89c4\u5212\u63a7\u5236\u5668\u3002\u8be5\u63a7\u5236\u5668\u901a\u8fc7\u5efa\u7acb\u5f00\u653e\u7684\u884c\u4e1a\u6807\u51c6\u534f\u8bae\u6765\u4f18\u5316\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u4f20\u8f93\u7f51\u7edc\u3002\r\n\r\nJuniper Networks NorthStar Controller Application 2.1.0 Service Pack 1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u66f4\u6539NorthStar\u7cfb\u7edf\u4e0a\u7684\u7ec4\u4ef6\u3002",
  "discovererName": "Juniper Networks",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10783\u0026cat=SIRT_1\u0026actp=LIST",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07239",
  "openTime": "2017-05-23",
  "patchDescription": "Juniper Networks NorthStar Controller Application\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6d41\u91cf\u89c4\u5212\u63a7\u5236\u5668\u3002\u8be5\u63a7\u5236\u5668\u901a\u8fc7\u5efa\u7acb\u5f00\u653e\u7684\u884c\u4e1a\u6807\u51c6\u534f\u8bae\u6765\u4f18\u5316\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u4f20\u8f93\u7f51\u7edc\u3002\r\n\r\nJuniper Networks NorthStar Controller Application 2.1.0 Service Pack 1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u66f4\u6539NorthStar\u7cfb\u7edf\u4e0a\u7684\u7ec4\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Networks NorthStar Controller Application\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2017-07239\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Juniper Networks NorthStar Controller Application \u003c2.1.0 Service Pack 1"
  },
  "referenceLink": "http://www.securityfocus.com/bid/97687\r\nhttps://kb.juniper.net/JSA10783",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-18",
  "title": "Juniper Networks NorthStar Controller Application\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2017-07239\uff09"
}

var-201704-0740

Vulnerability from variot

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. Juniper Networks NorthStar Controller Applications have vulnerabilities related to authorization, permissions, and access control.Information is obtained, tampered with, and disrupted by network-based attackers (DoS) An attack may be carried out. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. Permissions and access control vulnerabilities existed in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. An attacker could exploit the vulnerability to cause a denial of service and change components on the NorthStar system. Versions prior to Juniper NorthStar Controller Application 2.1.0 Service Pack 1 are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0740",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "northstar controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "2.1.0"
      },
      {
        "model": "northstar controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "2.1.0 service pack 1"
      },
      {
        "model": "networks northstar controller application service pack",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "2.1.01"
      },
      {
        "model": "northstar controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "2.1.0"
      },
      {
        "model": "northstar controller application",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2.1.0"
      },
      {
        "model": "northstar controller application service pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2.1.01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "BID",
        "id": "97687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:juniper:northstar_controller",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "97687"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-2320",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-2320",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-07239",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-110523",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-2320",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2320",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-2320",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-07239",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-967",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110523",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-2320",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. Juniper Networks NorthStar Controller Applications have vulnerabilities related to authorization, permissions, and access control.Information is obtained, tampered with, and disrupted by network-based attackers (DoS) An attack may be carried out. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider\u0027s transport network by establishing an open industry standard protocol. Permissions and access control vulnerabilities existed in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. An attacker could exploit the vulnerability to cause a denial of service and change components on the NorthStar system. \nVersions prior to Juniper NorthStar Controller Application 2.1.0 Service Pack 1 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "BID",
        "id": "97687"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2320",
        "trust": 3.5
      },
      {
        "db": "JUNIPER",
        "id": "JSA10783",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "97687",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "db": "BID",
        "id": "97687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      }
    ]
  },
  "id": "VAR-201704-0740",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      }
    ],
    "trust": 1.29105265
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      }
    ]
  },
  "last_update_date": "2024-11-23T19:30:07.866000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10783",
        "trust": 0.8,
        "url": "https://kb.juniper.net/JSA10783"
      },
      {
        "title": "Patch for JuniperNetworksNorthStarControllerApplication Remote Privilege Escalation Vulnerability (CNVD-2017-07239)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/94113"
      },
      {
        "title": "Juniper Networks NorthStar Controller Application Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70241"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/97687"
      },
      {
        "trust": 2.4,
        "url": "https://kb.juniper.net/jsa10783"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2320"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2320"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10783\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "db": "BID",
        "id": "97687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "db": "BID",
        "id": "97687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2320"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "date": "2017-04-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "date": "2017-04-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "date": "2017-04-12T00:00:00",
        "db": "BID",
        "id": "97687"
      },
      {
        "date": "2017-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "date": "2017-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      },
      {
        "date": "2017-04-24T15:59:00.457000",
        "db": "NVD",
        "id": "CVE-2017-2320"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07239"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110523"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2320"
      },
      {
        "date": "2017-04-18T00:07:00",
        "db": "BID",
        "id": "97687"
      },
      {
        "date": "2017-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      },
      {
        "date": "2024-11-21T03:23:16.740000",
        "db": "NVD",
        "id": "CVE-2017-2320"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Networks NorthStar Controller Vulnerabilities related to authorization, authority, and access control in applications",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003345"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-967"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-2320 (GCVE-0-2017-2320)

Vulnerability from cvelistv5

fkie_cve-2017-2320

Vulnerability from fkie_nvd

gsd-2017-2320

Vulnerability from gsd

CERTFR-2017-AVI-111

Vulnerability from certfr_avis

Solution

ghsa-jw9m-g475-84fv

Vulnerability from github

cnvd-2017-07239

Vulnerability from cnvd

var-201704-0740

Vulnerability from variot

Tags

Sightings

Nomenclature