Vulnerability Details : CVE-2017-2320
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.
Vulnerability category: Information leak
Products affected by CVE-2017-2320
- cpe:2.3:a:juniper:northstar_controller:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-2320
0.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-2320
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
|
10.0
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
NIST |
CWE ids for CVE-2017-2320
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2320
-
https://kb.juniper.net/JSA10783
Juniper Networks - 2017-04 Security Bulletin: Multiple Vulnerabilities in NorthStar Controller Application before version 2.1.0 Service Pack 1.Mitigation;Vendor Advisory
-
http://www.securityfocus.com/bid/97687
Juniper NorthStar Controller Application CVE-2017-2320 Remote Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to