Sign-up

ID

VAR-201704-0748


CVE

CVE-2017-2328


TITLE

Juniper Networks NorthStar Controller Application elevation of vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003350

DESCRIPTION

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permissions through reading unprivileged information stored in the NorthStar controller. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. An information disclosure vulnerability exists in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. A local attacker can exploit this vulnerability to obtain sensitive information. Juniper NorthStar Controller Application is prone to a unspecified local information-disclosure vulnerability

Trust: 2.52

sources: NVD: CVE-2017-2328 // JVNDB: JVNDB-2017-003350 // CNVD: CNVD-2017-07235 // BID: 97617 // VULHUB: VHN-110531

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07235

AFFECTED PRODUCTS

vendor:junipermodel:northstar controllerscope:lteversion:2.1.0

Trust: 1.0

vendor:junipermodel:northstar controllerscope:ltversion:2.1.0 service pack 1

Trust: 0.8

vendor:junipermodel:networks northstar controller application service packscope:ltversion:2.1.01

Trust: 0.6

vendor:junipermodel:northstar controllerscope:eqversion:2.1.0

Trust: 0.6

vendor:junipermodel:northstar controller applicationscope:eqversion:2.1.0

Trust: 0.3

vendor:junipermodel:northstar controller application service packscope:neversion:2.1.01

Trust: 0.3

sources: CNVD: CNVD-2017-07235 // BID: 97617 // JVNDB: JVNDB-2017-003350 // CNNVD: CNNVD-201704-979 // NVD: CVE-2017-2328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2328
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2328
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-07235
value: LOW

Trust: 0.6

CNNVD: CNNVD-201704-979
value: LOW

Trust: 0.6

VULHUB: VHN-110531
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-2328
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07235
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110531
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2328
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-07235 // VULHUB: VHN-110531 // JVNDB: JVNDB-2017-003350 // CNNVD: CNNVD-201704-979 // NVD: CVE-2017-2328

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-110531 // JVNDB: JVNDB-2017-003350 // NVD: CVE-2017-2328

THREAT TYPE

local

Trust: 0.9

sources: BID: 97617 // CNNVD: CNNVD-201704-979

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-979

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003350

PATCH
title:JSA10783url:https://kb.juniper.net/JSA10783
Trust: 0.8
title:JuniperNetworksNorthStarControllerApplication Local Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/94110
Trust: 0.6
title:Juniper Networks NorthStar Controller Application Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70248
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-07235 // 
            
            
            
            JVNDB: JVNDB-2017-003350 // 
            
            
            
            CNNVD: CNNVD-201704-979

EXTERNAL IDS
db:NVDid:CVE-2017-2328
Trust: 3.4
db:BIDid:97617
Trust: 2.6
db:JUNIPERid:JSA10783
Trust: 2.6
db:JVNDBid:JVNDB-2017-003350
Trust: 0.8
db:CNNVDid:CNNVD-201704-979
Trust: 0.7
db:CNVDid:CNVD-2017-07235
Trust: 0.6
db:VULHUBid:VHN-110531
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-07235 // 
            
            
            
            VULHUB: VHN-110531 // 
            
            
            
            BID: 97617 // 
            
            
            
            JVNDB: JVNDB-2017-003350 // 
            
            
            
            CNNVD: CNNVD-201704-979 // 
            
            
            
            NVD: CVE-2017-2328

REFERENCES
url:http://www.securityfocus.com/bid/97617
Trust: 2.3
url:https://kb.juniper.net/jsa10783
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2328
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2328
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-07235 // 
            
            
            
            VULHUB: VHN-110531 // 
            
            
            
            BID: 97617 // 
            
            
            
            JVNDB: JVNDB-2017-003350 // 
            
            
            
            CNNVD: CNNVD-201704-979 // 
            
            
            
            NVD: CVE-2017-2328

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97617

SOURCES
db:CNVDid:CNVD-2017-07235
db:VULHUBid:VHN-110531
db:BIDid:97617
db:JVNDBid:JVNDB-2017-003350
db:CNNVDid:CNNVD-201704-979
db:NVDid:CVE-2017-2328

LAST UPDATE DATE
2025-04-20T20:56:26.152000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07235date:2017-05-23T00:00:00
db:VULHUBid:VHN-110531date:2017-04-27T00:00:00
db:BIDid:97617date:2017-04-18T00:06:00
db:JVNDBid:JVNDB-2017-003350date:2017-05-25T00:00:00
db:CNNVDid:CNNVD-201704-979date:2017-05-17T00:00:00
db:NVDid:CVE-2017-2328date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-07235date:2017-05-22T00:00:00
db:VULHUBid:VHN-110531date:2017-04-24T00:00:00
db:BIDid:97617date:2017-04-13T00:00:00
db:JVNDBid:JVNDB-2017-003350date:2017-05-25T00:00:00
db:CNNVDid:CNNVD-201704-979date:2017-04-13T00:00:00
db:NVDid:CVE-2017-2328date:2017-04-24T15:59:00.660