Sign-up

ID

VAR-201704-0741


CVE

CVE-2017-2321


TITLE

Juniper Networks NorthStar Controller Vulnerabilities related to authorization, authority, and access control in applications

Trust: 0.8

sources: JVNDB: JVNDB-2017-003346

DESCRIPTION

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks. Juniper Networks NorthStar Controller Applications have vulnerabilities related to authorization, permissions, and access control.Information is obtained, tampered with, and disrupted by network-based attackers (DoS) An attack may be carried out. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. A remote privilege elevation vulnerability exists in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. An attacker could exploit the vulnerability to gain elevated privileges. Versions prior to Juniper NorthStar Controller Application 2.1.0 Service Pack 1 are vulnerable

Trust: 2.52

sources: NVD: CVE-2017-2321 // JVNDB: JVNDB-2017-003346 // CNVD: CNVD-2017-07238 // BID: 97693 // VULHUB: VHN-110524

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07238

AFFECTED PRODUCTS

vendor:junipermodel:northstar controllerscope:lteversion:2.1.0

Trust: 1.0

vendor:junipermodel:northstar controllerscope:ltversion:2.1.0 service pack 1

Trust: 0.8

vendor:junipermodel:networks northstar controller application service packscope:ltversion:2.1.01

Trust: 0.6

vendor:junipermodel:northstar controllerscope:eqversion:2.1.0

Trust: 0.6

vendor:junipermodel:northstar controller applicationscope:eqversion:2.1.0

Trust: 0.3

vendor:junipermodel:northstar controller application service packscope:neversion:2.1.01

Trust: 0.3

sources: CNVD: CNVD-2017-07238 // BID: 97693 // JVNDB: JVNDB-2017-003346 // CNNVD: CNNVD-201704-966 // NVD: CVE-2017-2321

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2321
value: HIGH

Trust: 1.0

NVD: CVE-2017-2321
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-07238
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-966
value: HIGH

Trust: 0.6

VULHUB: VHN-110524
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2321
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07238
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110524
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2321
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-07238 // VULHUB: VHN-110524 // JVNDB: JVNDB-2017-003346 // CNNVD: CNNVD-201704-966 // NVD: CVE-2017-2321

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-110524 // JVNDB: JVNDB-2017-003346 // NVD: CVE-2017-2321

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-966

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201704-966

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003346

PATCH
title:JSA10783url:https://kb.juniper.net/JSA10783
Trust: 0.8
title:Patch for JuniperNetworksNorthStarControllerApplication Remote Privilege Escalation Vulnerability (CNVD-2017-07238)url:https://www.cnvd.org.cn/patchInfo/show/94114
Trust: 0.6
title:Juniper Networks NorthStar Controller Application Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70240
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-07238 // 
            
            
            
            JVNDB: JVNDB-2017-003346 // 
            
            
            
            CNNVD: CNNVD-201704-966

EXTERNAL IDS
db:NVDid:CVE-2017-2321
Trust: 3.4
db:JUNIPERid:JSA10783
Trust: 2.6
db:BIDid:97693
Trust: 2.6
db:JVNDBid:JVNDB-2017-003346
Trust: 0.8
db:CNNVDid:CNNVD-201704-966
Trust: 0.7
db:CNVDid:CNVD-2017-07238
Trust: 0.6
db:VULHUBid:VHN-110524
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-07238 // 
            
            
            
            VULHUB: VHN-110524 // 
            
            
            
            BID: 97693 // 
            
            
            
            JVNDB: JVNDB-2017-003346 // 
            
            
            
            CNNVD: CNNVD-201704-966 // 
            
            
            
            NVD: CVE-2017-2321

REFERENCES
url:http://www.securityfocus.com/bid/97693
Trust: 2.3
url:https://kb.juniper.net/jsa10783
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2321
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2321
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-07238 // 
            
            
            
            VULHUB: VHN-110524 // 
            
            
            
            BID: 97693 // 
            
            
            
            JVNDB: JVNDB-2017-003346 // 
            
            
            
            CNNVD: CNNVD-201704-966 // 
            
            
            
            NVD: CVE-2017-2321

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97693

SOURCES
db:CNVDid:CNVD-2017-07238
db:VULHUBid:VHN-110524
db:BIDid:97693
db:JVNDBid:JVNDB-2017-003346
db:CNNVDid:CNNVD-201704-966
db:NVDid:CVE-2017-2321

LAST UPDATE DATE
2025-04-20T21:06:24.412000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07238date:2017-05-23T00:00:00
db:VULHUBid:VHN-110524date:2019-10-03T00:00:00
db:BIDid:97693date:2017-04-18T00:07:00
db:JVNDBid:JVNDB-2017-003346date:2017-05-25T00:00:00
db:CNNVDid:CNNVD-201704-966date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2321date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-07238date:2017-05-23T00:00:00
db:VULHUBid:VHN-110524date:2017-04-24T00:00:00
db:BIDid:97693date:2017-04-12T00:00:00
db:JVNDBid:JVNDB-2017-003346date:2017-05-25T00:00:00
db:CNNVDid:CNNVD-201704-966date:2017-04-12T00:00:00
db:NVDid:CVE-2017-2321date:2017-04-24T15:59:00.473