cvelist/2017/10xxx/CVE-2017-10603.json

{
    "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "DATE_PUBLIC": "2017-07-12T09:00",
        "ID": "CVE-2017-10603",
        "STATE": "PUBLIC",
        "TITLE": "Junos OS: Local XML Injection through CLI command can lead to privilege escalation"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Junos OS",
                                "version": {
                                    "version_data": [
                                        {
                                            "platform": "",
                                            "version_value": "15.1X53 prior to 15.1X53-D47"
                                        },
                                        {
                                            "platform": "",
                                            "version_value": "15.1 prior to 15.1R3"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Juniper Networks"
                }
            ]
        }
    },
    "configuration": [],
    "credit": [],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue."
            }
        ]
    },
    "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "XML injection"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "1038901",
                "refsource": "SECTRACK",
                "url": "http://www.securitytracker.com/id/1038901"
            },
            {
                "name": "https://kb.juniper.net/JSA10805",
                "refsource": "CONFIRM",
                "url": "https://kb.juniper.net/JSA10805"
            }
        ]
    },
    "solution": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D47, 15.1R3, and all subsequent releases.\nThis issue is being tracked as PR 1091037 and is visible on the Customer Support website.",
    "work_around": [
        {
            "lang": "eng",
            "value": "There is no direct workaround to completely eliminate the risk of this vulnerability.\n\nUse access lists or firewall filters to limit access to the router's CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."
        }
    ]
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-18 05:16:49 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "sirt@juniper.net",`
			`"DATE_PUBLIC": "2017-07-12T09:00",`
			`"ID": "CVE-2017-10603",`
			`"STATE": "PUBLIC",`
			`"TITLE": "Junos OS: Local XML Injection through CLI command can lead to privilege escalation"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Junos OS",`
			`"version": {`
			`"version_data": [`
			`{`
			`"platform": "",`
			`"version_value": "15.1X53 prior to 15.1X53-D47"`
			`},`
			`{`
			`"platform": "",`
			`"version_value": "15.1 prior to 15.1R3"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Juniper Networks"`
			`}`
			`]`
			`}`
			`},`
			`"configuration": [],`
			`"credit": [],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-18 05:16:49 +00:00			`"lang": "eng",`
			`"value": "An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue."`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
"-Synchronized-Data." 2019-03-18 05:16:49 +00:00			`]`
			`},`
			`"exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "HIGH",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "XML injection"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "1038901",`
			`"refsource": "SECTRACK",`
			`"url": "http://www.securitytracker.com/id/1038901"`
			`},`
			`{`
			`"name": "https://kb.juniper.net/JSA10805",`
			`"refsource": "CONFIRM",`
			`"url": "https://kb.juniper.net/JSA10805"`
			`}`
			`]`
			`},`
			`"solution": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X53-D47, 15.1R3, and all subsequent releases.\nThis issue is being tracked as PR 1091037 and is visible on the Customer Support website.",`
			`"work_around": [`
			`{`
			`"lang": "eng",`
			`"value": "There is no direct workaround to completely eliminate the risk of this vulnerability.\n\nUse access lists or firewall filters to limit access to the router's CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."`
			`}`
			`]`
			`}`