Details of VAR-201704-0737

ID

VAR-201704-0737

CVE

CVE-2017-2317

TITLE

Juniper Networks NorthStar Controller Vulnerabilities related to authorization, authority, and access control in applications

Trust: 0.8

sources: JVNDB: JVNDB-2017-003343

DESCRIPTION

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker. Juniper Networks NorthStar Controller Applications have vulnerabilities related to authorization, permissions, and access control.Information is obtained, tampered with, and disrupted by network-based attackers (DoS) An attack may be carried out. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. An unrecognized denial of service vulnerability exists in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1

Trust: 2.52

sources: NVD: CVE-2017-2317 // JVNDB: JVNDB-2017-003343 // CNVD: CNVD-2017-07240 // BID: 97652 // VULHUB: VHN-110520

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-07240

AFFECTED PRODUCTS

vendor:	juniper	model:	northstar controller	scope:	lte	version:	2.1.0	Trust: 1.0
vendor:	juniper	model:	northstar controller	scope:	lt	version:	2.1.0 service pack 1	Trust: 0.8
vendor:	juniper	model:	networks northstar controller application service pack	scope:	lt	version:	2.1.01	Trust: 0.6
vendor:	juniper	model:	northstar controller	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	juniper	model:	northstar controller application	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	juniper	model:	northstar controller application service pack	scope:	ne	version:	2.1.01	Trust: 0.3

sources: CNVD: CNVD-2017-07240 // BID: 97652 // JVNDB: JVNDB-2017-003343 // CNNVD: CNNVD-201704-970 // NVD: CVE-2017-2317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2317
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2317
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-07240
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-970
value:	HIGH
Trust: 0.6
VULHUB:	VHN-110520
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2317
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-07240
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-110520
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2317
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-07240 // VULHUB: VHN-110520 // JVNDB: JVNDB-2017-003343 // CNNVD: CNNVD-201704-970 // NVD: CVE-2017-2317

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-110520 // JVNDB: JVNDB-2017-003343 // NVD: CVE-2017-2317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-970

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-970

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003343

PATCH

title:	JSA10783	url:	https://kb.juniper.net/JSA10783	Trust: 0.8
title:	JuniperNetworksNorthStarControllerApplication has a patch for an unrecognized denial of service vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/94112	Trust: 0.6
title:	Juniper Networks NorthStar Controller Application Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70243	Trust: 0.6

sources: CNVD: CNVD-2017-07240 // JVNDB: JVNDB-2017-003343 // CNNVD: CNNVD-201704-970

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2317	Trust: 3.4
db:	BID	id:	97652	Trust: 2.6
db:	JUNIPER	id:	JSA10783	Trust: 2.6
db:	JVNDB	id:	JVNDB-2017-003343	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-970	Trust: 0.7
db:	CNVD	id:	CNVD-2017-07240	Trust: 0.6
db:	VULHUB	id:	VHN-110520	Trust: 0.1

sources: CNVD: CNVD-2017-07240 // VULHUB: VHN-110520 // BID: 97652 // JVNDB: JVNDB-2017-003343 // CNNVD: CNNVD-201704-970 // NVD: CVE-2017-2317

REFERENCES

url:	http://www.securityfocus.com/bid/97652	Trust: 2.3
url:	https://kb.juniper.net/jsa10783	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2317	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2317	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	https://www.juniper.net/us/en/products-services/sdn/northstar-network-controller/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list	Trust: 0.3

sources: CNVD: CNVD-2017-07240 // VULHUB: VHN-110520 // BID: 97652 // JVNDB: JVNDB-2017-003343 // CNNVD: CNNVD-201704-970 // NVD: CVE-2017-2317

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97652

SOURCES

db:	CNVD	id:	CNVD-2017-07240
db:	VULHUB	id:	VHN-110520
db:	BID	id:	97652
db:	JVNDB	id:	JVNDB-2017-003343
db:	CNNVD	id:	CNNVD-201704-970
db:	NVD	id:	CVE-2017-2317

LAST UPDATE DATE

2025-04-20T21:44:57.209000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-07240	date:	2017-05-23T00:00:00
db:	VULHUB	id:	VHN-110520	date:	2019-10-03T00:00:00
db:	BID	id:	97652	date:	2017-04-18T01:05:00
db:	JVNDB	id:	JVNDB-2017-003343	date:	2017-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-970	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2317	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-07240	date:	2017-05-23T00:00:00
db:	VULHUB	id:	VHN-110520	date:	2017-04-24T00:00:00
db:	BID	id:	97652	date:	2017-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-003343	date:	2017-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-970	date:	2017-04-14T00:00:00
db:	NVD	id:	CVE-2017-2317	date:	2017-04-24T15:59:00.333