Details of VAR-201704-0739

ID

VAR-201704-0739

CVE

CVE-2017-2319

TITLE

Juniper Networks NorthStar Controller Vulnerabilities related to authorization, authority, and access control in applications

Trust: 0.8

sources: JVNDB: JVNDB-2017-003410

DESCRIPTION

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result. Juniper Networks NorthStar Controller Applications have vulnerabilities related to authorization, permissions, and access control.Attackers can obtain information, falsify information, and cause denial of service (DoS) An attack may be carried out. Juniper NorthStar Controller Application is prone to unspecified authentication bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Juniper NorthStar Controller Application before version 2.1.0 Service Pack 1 are vulnerable. The controller optimizes a service provider's transport network by establishing open industry-standard protocols. An attacker could exploit this vulnerability to take control of the management system or cause a denial of service

Trust: 1.98

sources: NVD: CVE-2017-2319 // JVNDB: JVNDB-2017-003410 // BID: 97659 // VULHUB: VHN-110522

AFFECTED PRODUCTS

vendor:	juniper	model:	northstar controller	scope:	lte	version:	2.1.0	Trust: 1.0
vendor:	juniper	model:	northstar controller	scope:	lt	version:	2.1.0 service pack 1	Trust: 0.8
vendor:	juniper	model:	northstar controller	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	juniper	model:	northstar controller application	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	juniper	model:	northstar controller application service pack	scope:	ne	version:	2.1.01	Trust: 0.3

sources: BID: 97659 // JVNDB: JVNDB-2017-003410 // CNNVD: CNNVD-201704-974 // NVD: CVE-2017-2319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2319
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2319
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201704-974
value:	HIGH
Trust: 0.6
VULHUB:	VHN-110522
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2319
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110522
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2319
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110522 // JVNDB: JVNDB-2017-003410 // CNNVD: CNNVD-201704-974 // NVD: CVE-2017-2319

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-110522 // JVNDB: JVNDB-2017-003410 // NVD: CVE-2017-2319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-974

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201704-974

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003410

PATCH

title:	JSA10783	url:	https://kb.juniper.net/JSA10783	Trust: 0.8
title:	Juniper Networks NorthStar Controller Application Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70244	Trust: 0.6

sources: JVNDB: JVNDB-2017-003410 // CNNVD: CNNVD-201704-974

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2319	Trust: 2.8
db:	JUNIPER	id:	JSA10783	Trust: 2.0
db:	BID	id:	97659	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-003410	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-974	Trust: 0.7
db:	VULHUB	id:	VHN-110522	Trust: 0.1

sources: VULHUB: VHN-110522 // BID: 97659 // JVNDB: JVNDB-2017-003410 // CNNVD: CNNVD-201704-974 // NVD: CVE-2017-2319

REFERENCES

url:	http://www.securityfocus.com/bid/97659	Trust: 1.7
url:	https://kb.juniper.net/jsa10783	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2319	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2319	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list	Trust: 0.3

sources: VULHUB: VHN-110522 // BID: 97659 // JVNDB: JVNDB-2017-003410 // CNNVD: CNNVD-201704-974 // NVD: CVE-2017-2319

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97659

SOURCES

db:	VULHUB	id:	VHN-110522
db:	BID	id:	97659
db:	JVNDB	id:	JVNDB-2017-003410
db:	CNNVD	id:	CNNVD-201704-974
db:	NVD	id:	CVE-2017-2319

LAST UPDATE DATE

2025-04-20T19:51:21.275000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110522	date:	2019-10-03T00:00:00
db:	BID	id:	97659	date:	2017-04-18T00:06:00
db:	JVNDB	id:	JVNDB-2017-003410	date:	2017-05-26T00:00:00
db:	CNNVD	id:	CNNVD-201704-974	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2319	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110522	date:	2017-04-24T00:00:00
db:	BID	id:	97659	date:	2017-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-003410	date:	2017-05-26T00:00:00
db:	CNNVD	id:	CNNVD-201704-974	date:	2017-04-14T00:00:00
db:	NVD	id:	CVE-2017-2319	date:	2017-04-24T15:59:00.393