Vulnerability Details : CVE-2017-10622
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher.
Vulnerability category: BypassGain privilege
Products affected by CVE-2017-10622
- cpe:2.3:o:juniper:junos_space:17.1:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_space:16.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_space:16.1:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_space:16.1:r2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-10622
0.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-10622
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Juniper Networks, Inc. |
CWE ids for CVE-2017-10622
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-10622
-
https://kb.juniper.net/JSA10824
Juniper Networks - 2017-10 Security Bulletin: Junos Space: Authentication bypass vulnerability (CVE-2017-10622)Vendor Advisory
-
http://www.securityfocus.com/bid/101258
Juniper Junos Space CVE-2017-10622 Authentication Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to