Sign-up

ID

VAR-201704-0751


CVE

CVE-2017-2331


TITLE

Juniper Networks NorthStar Controller Vulnerabilities that bypass application firewall policies

Trust: 0.8

sources: JVNDB: JVNDB-2017-003353

DESCRIPTION

A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. An authentication bypass vulnerability exists in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Juniper NorthStar Controller Application before version 2.1.0 Service Pack 1 are vulnerable

Trust: 2.52

sources: NVD: CVE-2017-2331 // JVNDB: JVNDB-2017-003353 // CNVD: CNVD-2017-07236 // BID: 97619 // VULHUB: VHN-110534

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07236

AFFECTED PRODUCTS

vendor:junipermodel:northstar controllerscope:lteversion:2.1.0

Trust: 1.0

vendor:junipermodel:northstar controllerscope:ltversion:2.1.0 service pack 1

Trust: 0.8

vendor:junipermodel:networks northstar controller application service packscope:ltversion:2.1.01

Trust: 0.6

vendor:junipermodel:northstar controllerscope:eqversion:2.1.0

Trust: 0.6

vendor:junipermodel:northstar controller applicationscope:eqversion:2.1.0

Trust: 0.3

vendor:junipermodel:northstar controller application service packscope:neversion:2.1.01

Trust: 0.3

sources: CNVD: CNVD-2017-07236 // BID: 97619 // JVNDB: JVNDB-2017-003353 // CNNVD: CNNVD-201704-980 // NVD: CVE-2017-2331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2331
value: HIGH

Trust: 1.0

NVD: CVE-2017-2331
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-07236
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-980
value: HIGH

Trust: 0.6

VULHUB: VHN-110534
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2331
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07236
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110534
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2331
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-07236 // VULHUB: VHN-110534 // JVNDB: JVNDB-2017-003353 // CNNVD: CNNVD-201704-980 // NVD: CVE-2017-2331

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-110534 // JVNDB: JVNDB-2017-003353 // NVD: CVE-2017-2331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-980

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-980

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003353

PATCH
title:JSA10783url:https://kb.juniper.net/JSA10783
Trust: 0.8
title:JuniperNetworksNorthStarControllerApplication authentication bypasses the patch for the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/94111
Trust: 0.6
title:Juniper Networks NorthStar Controller Application Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70249
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-07236 // 
            
            
            
            JVNDB: JVNDB-2017-003353 // 
            
            
            
            CNNVD: CNNVD-201704-980

EXTERNAL IDS
db:NVDid:CVE-2017-2331
Trust: 3.4
db:JUNIPERid:JSA10783
Trust: 2.6
db:BIDid:97619
Trust: 2.6
db:JVNDBid:JVNDB-2017-003353
Trust: 0.8
db:CNNVDid:CNNVD-201704-980
Trust: 0.7
db:CNVDid:CNVD-2017-07236
Trust: 0.6
db:VULHUBid:VHN-110534
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-07236 // 
            
            
            
            VULHUB: VHN-110534 // 
            
            
            
            BID: 97619 // 
            
            
            
            JVNDB: JVNDB-2017-003353 // 
            
            
            
            CNNVD: CNNVD-201704-980 // 
            
            
            
            NVD: CVE-2017-2331

REFERENCES
url:http://www.securityfocus.com/bid/97619
Trust: 2.3
url:https://kb.juniper.net/jsa10783
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2331
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2331
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-07236 // 
            
            
            
            VULHUB: VHN-110534 // 
            
            
            
            BID: 97619 // 
            
            
            
            JVNDB: JVNDB-2017-003353 // 
            
            
            
            CNNVD: CNNVD-201704-980 // 
            
            
            
            NVD: CVE-2017-2331

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97619

SOURCES
db:CNVDid:CNVD-2017-07236
db:VULHUBid:VHN-110534
db:BIDid:97619
db:JVNDBid:JVNDB-2017-003353
db:CNNVDid:CNNVD-201704-980
db:NVDid:CVE-2017-2331

LAST UPDATE DATE
2025-04-20T22:06:36.146000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07236date:2017-05-23T00:00:00
db:VULHUBid:VHN-110534date:2019-10-03T00:00:00
db:BIDid:97619date:2017-04-18T00:06:00
db:JVNDBid:JVNDB-2017-003353date:2017-05-25T00:00:00
db:CNNVDid:CNNVD-201704-980date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2331date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-07236date:2017-05-23T00:00:00
db:VULHUBid:VHN-110534date:2017-04-24T00:00:00
db:BIDid:97619date:2017-04-11T00:00:00
db:JVNDBid:JVNDB-2017-003353date:2017-05-25T00:00:00
db:CNNVDid:CNNVD-201704-980date:2017-04-11T00:00:00
db:NVDid:CVE-2017-2331date:2017-04-24T15:59:00.737