Details of VAR-201704-0742

ID

VAR-201704-0742

CVE

CVE-2017-2322

TITLE

Juniper Networks NorthStar Controller Service disruption to system services in applications (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-003411

DESCRIPTION

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services. Juniper NorthStar Controller Application is prone to a local denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The controller optimizes a service provider's transport network by establishing open industry-standard protocols

Trust: 1.98

sources: NVD: CVE-2017-2322 // JVNDB: JVNDB-2017-003411 // BID: 97613 // VULHUB: VHN-110525

AFFECTED PRODUCTS

vendor:	juniper	model:	northstar controller	scope:	lte	version:	2.1.0	Trust: 1.0
vendor:	juniper	model:	northstar controller	scope:	lt	version:	2.1.0 service pack 1	Trust: 0.8
vendor:	juniper	model:	northstar controller	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	juniper	model:	northstar controller application	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	juniper	model:	northstar controller application service pack	scope:	ne	version:	2.1.01	Trust: 0.3

sources: BID: 97613 // JVNDB: JVNDB-2017-003411 // CNNVD: CNNVD-201704-983 // NVD: CVE-2017-2322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2322
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-2322
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201704-983
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110525
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-2322
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110525
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2322
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110525 // JVNDB: JVNDB-2017-003411 // CNNVD: CNNVD-201704-983 // NVD: CVE-2017-2322

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-110525 // JVNDB: JVNDB-2017-003411 // NVD: CVE-2017-2322

THREAT TYPE

local

Trust: 0.9

sources: BID: 97613 // CNNVD: CNNVD-201704-983

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201704-983

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003411

PATCH

title:	JSA10783	url:	https://kb.juniper.net/JSA10783	Trust: 0.8
title:	Juniper Networks NorthStar Controller Application Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70251	Trust: 0.6

sources: JVNDB: JVNDB-2017-003411 // CNNVD: CNNVD-201704-983

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2322	Trust: 2.8
db:	JUNIPER	id:	JSA10783	Trust: 2.0
db:	BID	id:	97613	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-003411	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-983	Trust: 0.7
db:	VULHUB	id:	VHN-110525	Trust: 0.1

sources: VULHUB: VHN-110525 // BID: 97613 // JVNDB: JVNDB-2017-003411 // CNNVD: CNNVD-201704-983 // NVD: CVE-2017-2322

REFERENCES

url:	http://www.securityfocus.com/bid/97613	Trust: 1.7
url:	https://kb.juniper.net/jsa10783	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2322	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2322	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list	Trust: 0.3

sources: VULHUB: VHN-110525 // BID: 97613 // JVNDB: JVNDB-2017-003411 // CNNVD: CNNVD-201704-983 // NVD: CVE-2017-2322

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97613

SOURCES

db:	VULHUB	id:	VHN-110525
db:	BID	id:	97613
db:	JVNDB	id:	JVNDB-2017-003411
db:	CNNVD	id:	CNNVD-201704-983
db:	NVD	id:	CVE-2017-2322

LAST UPDATE DATE

2025-04-20T21:25:07.435000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110525	date:	2019-10-03T00:00:00
db:	BID	id:	97613	date:	2017-04-18T01:05:00
db:	JVNDB	id:	JVNDB-2017-003411	date:	2017-05-26T00:00:00
db:	CNNVD	id:	CNNVD-201704-983	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2322	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110525	date:	2017-04-24T00:00:00
db:	BID	id:	97613	date:	2017-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-003411	date:	2017-05-26T00:00:00
db:	CNNVD	id:	CNNVD-201704-983	date:	2017-04-12T00:00:00
db:	NVD	id:	CVE-2017-2322	date:	2017-04-24T18:59:00.587