CVE-2017-2341 Information

Description

An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment may allow unprivileged users on the Junos OS instance to gain access to the host operating environment and thus escalate privileges. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D40 on QFX5110 QFX5200 QFX10002 QFX10008 QFX10016 EX4600 and NFX250; 15.1 prior to 15.1R5 on EX4600; 15.1X49 prior to 15.1X49-D70 on vSRX SRX1500 SRX4100 SRX4200; 16.1 prior to 16.1R2 on EX4600 ACX5000 series. This issue does not affect vMX. No other Juniper Networks products or platforms are affected by this issue.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Reference

http://www.securitytracker.com/id/1038893 https://kb.juniper.net/JSA10787

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8