Details of VAR-201704-0740

ID

VAR-201704-0740

CVE

CVE-2017-2320

TITLE

Juniper Networks NorthStar Controller Vulnerabilities related to authorization, authority, and access control in applications

Trust: 0.8

sources: JVNDB: JVNDB-2017-003345

DESCRIPTION

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. Juniper Networks NorthStar Controller Applications have vulnerabilities related to authorization, permissions, and access control.Information is obtained, tampered with, and disrupted by network-based attackers (DoS) An attack may be carried out. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. Permissions and access control vulnerabilities existed in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. An attacker could exploit the vulnerability to cause a denial of service and change components on the NorthStar system. Versions prior to Juniper NorthStar Controller Application 2.1.0 Service Pack 1 are vulnerable

Trust: 2.61

sources: NVD: CVE-2017-2320 // JVNDB: JVNDB-2017-003345 // CNVD: CNVD-2017-07239 // BID: 97687 // VULHUB: VHN-110523 // VULMON: CVE-2017-2320

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-07239

AFFECTED PRODUCTS

vendor:	juniper	model:	northstar controller	scope:	lte	version:	2.1.0	Trust: 1.0
vendor:	juniper	model:	northstar controller	scope:	lt	version:	2.1.0 service pack 1	Trust: 0.8
vendor:	juniper	model:	networks northstar controller application service pack	scope:	lt	version:	2.1.01	Trust: 0.6
vendor:	juniper	model:	northstar controller	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	juniper	model:	northstar controller application	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	juniper	model:	northstar controller application service pack	scope:	ne	version:	2.1.01	Trust: 0.3

sources: CNVD: CNVD-2017-07239 // BID: 97687 // JVNDB: JVNDB-2017-003345 // CNNVD: CNNVD-201704-967 // NVD: CVE-2017-2320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2320
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-2320
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-07239
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-967
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-110523
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-2320
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2320
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-07239
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-110523
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2320
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-07239 // VULHUB: VHN-110523 // VULMON: CVE-2017-2320 // JVNDB: JVNDB-2017-003345 // CNNVD: CNNVD-201704-967 // NVD: CVE-2017-2320

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-110523 // JVNDB: JVNDB-2017-003345 // NVD: CVE-2017-2320

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-967

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-967

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003345

PATCH

title:	JSA10783	url:	https://kb.juniper.net/JSA10783	Trust: 0.8
title:	Patch for JuniperNetworksNorthStarControllerApplication Remote Privilege Escalation Vulnerability (CNVD-2017-07239)	url:	https://www.cnvd.org.cn/patchInfo/show/94113	Trust: 0.6
title:	Juniper Networks NorthStar Controller Application Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70241	Trust: 0.6

sources: CNVD: CNVD-2017-07239 // JVNDB: JVNDB-2017-003345 // CNNVD: CNNVD-201704-967

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2320	Trust: 3.5
db:	JUNIPER	id:	JSA10783	Trust: 2.7
db:	BID	id:	97687	Trust: 2.7
db:	JVNDB	id:	JVNDB-2017-003345	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-967	Trust: 0.7
db:	CNVD	id:	CNVD-2017-07239	Trust: 0.6
db:	VULHUB	id:	VHN-110523	Trust: 0.1
db:	VULMON	id:	CVE-2017-2320	Trust: 0.1

sources: CNVD: CNVD-2017-07239 // VULHUB: VHN-110523 // VULMON: CVE-2017-2320 // BID: 97687 // JVNDB: JVNDB-2017-003345 // CNNVD: CNNVD-201704-967 // NVD: CVE-2017-2320

REFERENCES

url:	http://www.securityfocus.com/bid/97687	Trust: 2.5
url:	https://kb.juniper.net/jsa10783	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2320	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2320	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-07239 // VULHUB: VHN-110523 // VULMON: CVE-2017-2320 // BID: 97687 // JVNDB: JVNDB-2017-003345 // CNNVD: CNNVD-201704-967 // NVD: CVE-2017-2320

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97687

SOURCES

db:	CNVD	id:	CNVD-2017-07239
db:	VULHUB	id:	VHN-110523
db:	VULMON	id:	CVE-2017-2320
db:	BID	id:	97687
db:	JVNDB	id:	JVNDB-2017-003345
db:	CNNVD	id:	CNNVD-201704-967
db:	NVD	id:	CVE-2017-2320

LAST UPDATE DATE

2025-04-20T22:54:42.966000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-07239	date:	2017-05-23T00:00:00
db:	VULHUB	id:	VHN-110523	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-2320	date:	2019-10-03T00:00:00
db:	BID	id:	97687	date:	2017-04-18T00:07:00
db:	JVNDB	id:	JVNDB-2017-003345	date:	2017-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-967	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2320	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-07239	date:	2017-05-23T00:00:00
db:	VULHUB	id:	VHN-110523	date:	2017-04-24T00:00:00
db:	VULMON	id:	CVE-2017-2320	date:	2017-04-24T00:00:00
db:	BID	id:	97687	date:	2017-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-003345	date:	2017-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-967	date:	2017-04-12T00:00:00
db:	NVD	id:	CVE-2017-2320	date:	2017-04-24T15:59:00.457