Sign-up

ID

VAR-201704-0750


CVE

CVE-2017-2330


TITLE

Juniper Networks NorthStar Controller Application management resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003352

DESCRIPTION

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services. Juniper Networks NorthStar Controller The application contains a resource management vulnerability.Unauthorized local user disrupts service operation (DoS) An attack may be carried out. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. A denial of service vulnerability exists in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. A local attacker can exploit this vulnerability to cause a denial of service

Trust: 2.52

sources: NVD: CVE-2017-2330 // JVNDB: JVNDB-2017-003352 // CNVD: CNVD-2017-07225 // BID: 97618 // VULHUB: VHN-110533

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07225

AFFECTED PRODUCTS

vendor:junipermodel:northstar controllerscope:lteversion:2.1.0

Trust: 1.0

vendor:junipermodel:northstar controllerscope:ltversion:2.1.0 service pack 1

Trust: 0.8

vendor:junipermodel:networks northstar controller application service packscope:ltversion:2.1.01

Trust: 0.6

vendor:junipermodel:northstar controllerscope:eqversion:2.1.0

Trust: 0.6

vendor:junipermodel:northstar controller applicationscope:eqversion:2.1.0

Trust: 0.3

vendor:junipermodel:northstar controller application service packscope:neversion:2.1.01

Trust: 0.3

sources: CNVD: CNVD-2017-07225 // BID: 97618 // JVNDB: JVNDB-2017-003352 // CNNVD: CNNVD-201704-981 // NVD: CVE-2017-2330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2330
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2330
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-07225
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-981
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110533
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2330
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07225
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110533
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2330
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-07225 // VULHUB: VHN-110533 // JVNDB: JVNDB-2017-003352 // CNNVD: CNNVD-201704-981 // NVD: CVE-2017-2330

PROBLEMTYPE DATA

problemtype:CWE-834

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-110533 // JVNDB: JVNDB-2017-003352 // NVD: CVE-2017-2330

THREAT TYPE

local

Trust: 0.9

sources: BID: 97618 // CNNVD: CNNVD-201704-981

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201704-981

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003352

PATCH
title:JSA10783url:https://kb.juniper.net/JSA10783
Trust: 0.8
title:JuniperNetworksNorthStarControllerApplication Denial of Service Vulnerability (CNVD-2017-07225) patchurl:https://www.cnvd.org.cn/patchInfo/show/94104
Trust: 0.6
title:Juniper Networks NorthStar Controller Application Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70250
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-07225 // 
            
            
            
            JVNDB: JVNDB-2017-003352 // 
            
            
            
            CNNVD: CNNVD-201704-981

EXTERNAL IDS
db:NVDid:CVE-2017-2330
Trust: 3.4
db:BIDid:97618
Trust: 2.6
db:JUNIPERid:JSA10783
Trust: 2.0
db:JVNDBid:JVNDB-2017-003352
Trust: 0.8
db:CNNVDid:CNNVD-201704-981
Trust: 0.7
db:CNVDid:CNVD-2017-07225
Trust: 0.6
db:VULHUBid:VHN-110533
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-07225 // 
            
            
            
            VULHUB: VHN-110533 // 
            
            
            
            BID: 97618 // 
            
            
            
            JVNDB: JVNDB-2017-003352 // 
            
            
            
            CNNVD: CNNVD-201704-981 // 
            
            
            
            NVD: CVE-2017-2330

REFERENCES
url:http://www.securityfocus.com/bid/97618
Trust: 2.3
url:https://kb.juniper.net/jsa10783
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2330
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2330
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:https://www.juniper.net/us/en/products-services/sdn/northstar-network-controller/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-07225 // 
            
            
            
            VULHUB: VHN-110533 // 
            
            
            
            BID: 97618 // 
            
            
            
            JVNDB: JVNDB-2017-003352 // 
            
            
            
            CNNVD: CNNVD-201704-981 // 
            
            
            
            NVD: CVE-2017-2330

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97618

SOURCES
db:CNVDid:CNVD-2017-07225
db:VULHUBid:VHN-110533
db:BIDid:97618
db:JVNDBid:JVNDB-2017-003352
db:CNNVDid:CNNVD-201704-981
db:NVDid:CVE-2017-2330

LAST UPDATE DATE
2025-04-20T20:32:45.936000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07225date:2017-05-23T00:00:00
db:VULHUBid:VHN-110533date:2019-10-03T00:00:00
db:BIDid:97618date:2017-04-18T01:05:00
db:JVNDBid:JVNDB-2017-003352date:2017-05-25T00:00:00
db:CNNVDid:CNNVD-201704-981date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2330date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-07225date:2017-05-22T00:00:00
db:VULHUBid:VHN-110533date:2017-04-24T00:00:00
db:BIDid:97618date:2017-04-13T00:00:00
db:JVNDBid:JVNDB-2017-003352date:2017-05-25T00:00:00
db:CNNVDid:CNNVD-201704-981date:2017-04-13T00:00:00
db:NVDid:CVE-2017-2330date:2017-04-24T15:59:00.707