admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 17:50:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2017/CVE-2017-10617.md

18 lines
1022 B
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2017-10617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10617)
![](https://img.shields.io/static/v1?label=Product&message=Contrail&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.2%3C%202.21.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=XML%20External%20Entity%20(XXE)%20vulnerability%20&color=brighgreen)
### Description
The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
### POC
#### Reference
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-wjp8-8qf6-vqmc
#### Github
- https://github.com/gteissier/CVE-2017-10617
Reference in New Issue Copy Permalink