Sign-up

ID

VAR-201704-0754


CVE

CVE-2017-2334


TITLE

Juniper Networks NorthStar Controller Application Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-07234 // CNNVD: CNNVD-201704-985

DESCRIPTION

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. An information disclosure vulnerability exists in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. Successful exploits will allow attackers to bypass certain security restrictions and perform unauthorized actions. Versions prior to Juniper NorthStar Controller Application 2.1.0 Service Pack 1 are vulnerable

Trust: 2.52

sources: NVD: CVE-2017-2334 // JVNDB: JVNDB-2017-003355 // CNVD: CNVD-2017-07234 // BID: 97616 // VULHUB: VHN-110537

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07234

AFFECTED PRODUCTS

vendor:junipermodel:northstar controllerscope:lteversion:2.1.0

Trust: 1.0

vendor:junipermodel:northstar controllerscope:ltversion:2.1.0 service pack 1

Trust: 0.8

vendor:junipermodel:networks northstar controller application service packscope:ltversion:2.1.01

Trust: 0.6

vendor:junipermodel:northstar controllerscope:eqversion:2.1.0

Trust: 0.6

vendor:junipermodel:northstar controller applicationscope:eqversion:2.1.0

Trust: 0.3

vendor:junipermodel:northstar controller application service packscope:neversion:2.1.01

Trust: 0.3

sources: CNVD: CNVD-2017-07234 // BID: 97616 // JVNDB: JVNDB-2017-003355 // CNNVD: CNNVD-201704-985 // NVD: CVE-2017-2334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2334
value: HIGH

Trust: 1.0

NVD: CVE-2017-2334
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-07234
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-985
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110537
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2334
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07234
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110537
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2334
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-07234 // VULHUB: VHN-110537 // JVNDB: JVNDB-2017-003355 // CNNVD: CNNVD-201704-985 // NVD: CVE-2017-2334

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-110537 // JVNDB: JVNDB-2017-003355 // NVD: CVE-2017-2334

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-985

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-985

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003355

PATCH
title:JSA10783url:https://kb.juniper.net/JSA10783
Trust: 0.8
title:JuniperNetworksNorthStarControllerApplication Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/94109
Trust: 0.6
title:Juniper Networks NorthStar Controller Application Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70252
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-07234 // 
            
            
            
            JVNDB: JVNDB-2017-003355 // 
            
            
            
            CNNVD: CNNVD-201704-985

EXTERNAL IDS
db:NVDid:CVE-2017-2334
Trust: 3.4
db:BIDid:97616
Trust: 2.6
db:JUNIPERid:JSA10783
Trust: 2.0
db:JVNDBid:JVNDB-2017-003355
Trust: 0.8
db:CNNVDid:CNNVD-201704-985
Trust: 0.7
db:CNVDid:CNVD-2017-07234
Trust: 0.6
db:VULHUBid:VHN-110537
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-07234 // 
            
            
            
            VULHUB: VHN-110537 // 
            
            
            
            BID: 97616 // 
            
            
            
            JVNDB: JVNDB-2017-003355 // 
            
            
            
            CNNVD: CNNVD-201704-985 // 
            
            
            
            NVD: CVE-2017-2334

REFERENCES
url:http://www.securityfocus.com/bid/97616
Trust: 2.3
url:https://kb.juniper.net/jsa10783
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2334
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2334
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-07234 // 
            
            
            
            VULHUB: VHN-110537 // 
            
            
            
            BID: 97616 // 
            
            
            
            JVNDB: JVNDB-2017-003355 // 
            
            
            
            CNNVD: CNNVD-201704-985 // 
            
            
            
            NVD: CVE-2017-2334

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97616

SOURCES
db:CNVDid:CNVD-2017-07234
db:VULHUBid:VHN-110537
db:BIDid:97616
db:JVNDBid:JVNDB-2017-003355
db:CNNVDid:CNNVD-201704-985
db:NVDid:CVE-2017-2334

LAST UPDATE DATE
2025-04-20T22:12:21.187000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07234date:2017-05-23T00:00:00
db:VULHUBid:VHN-110537date:2017-04-27T00:00:00
db:BIDid:97616date:2017-04-18T01:05:00
db:JVNDBid:JVNDB-2017-003355date:2017-05-25T00:00:00
db:CNNVDid:CNNVD-201704-985date:2017-05-17T00:00:00
db:NVDid:CVE-2017-2334date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-07234date:2017-05-23T00:00:00
db:VULHUBid:VHN-110537date:2017-04-24T00:00:00
db:BIDid:97616date:2017-04-11T00:00:00
db:JVNDBid:JVNDB-2017-003355date:2017-05-25T00:00:00
db:CNNVDid:CNNVD-201704-985date:2017-04-11T00:00:00
db:NVDid:CVE-2017-2334date:2017-04-24T15:59:00.817