ID

VAR-201707-0301


CVE

CVE-2017-2349


TITLE

Command injection vulnerability in IDP functionality of Junos OS running on Juniper Networks SRX series devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-005970

DESCRIPTION

A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30. Juniper Junos is prone to a remote command-injection vulnerability. An attacker can exploit this issue to execute arbitrary shell commands on the affected system with elevated privileges. This may aid in further attacks. Juniper MX Series is an MX series router product of Juniper Networks. Junos OS is a set of operating systems used in it.

Trust: 1.98

sources: NVD: CVE-2017-2349 // JVNDB: JVNDB-2017-005970 // BID: 100330 // VULHUB: VHN-110552

AFFECTED PRODUCTS

vendor: juniper model: junos scope: eq version: 12.1x47

Trust: 1.9

vendor: juniper model: junos scope: eq version: 12.3x48

Trust: 1.6

vendor: juniper model: junos scope: eq version: 15.1x49

Trust: 1.6

vendor: juniper model: junos scope: eq version: 12.1x46

Trust: 1.3

vendor: juniper model: junos scope: eq version: 12.1x44

Trust: 1.3

vendor: juniper model: junos os scope: eq version: 15.1x49-d30

Trust: 0.8

vendor: juniper model: junos os scope: eq version: 15.1x49-d20

Trust: 0.8

vendor: juniper model: junos os scope: eq version: 12.1x44-d60

Trust: 0.8

vendor: juniper model: junos os scope: eq version: 12.3x48-d20

Trust: 0.8

vendor: juniper model: junos os scope: eq version: 12.3x48-d30

Trust: 0.8

vendor: juniper model: junos os scope: lt version: 12.1x46

Trust: 0.8

vendor: juniper model: junos os scope: lt version: 12.1x44

Trust: 0.8

vendor: juniper model: junos os scope: eq version: 12.1x47-d35

Trust: 0.8

vendor: juniper model: junos os scope: lt version: 12.3x48

Trust: 0.8

vendor: juniper model: junos os scope: eq version: 12.1x46-d50

Trust: 0.8

vendor: juniper model: junos os scope: eq version: 12.1x47-d30

Trust: 0.8

vendor: juniper model: junos os scope: lt version: 12.1x47

Trust: 0.8

vendor: juniper model: junos os scope: lt version: 15.1x49

Trust: 0.8

vendor: juniper model: junos 15.1x49-d15 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 15.1x49-d10 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.3x48-d15 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.3x48-d10 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x47-d25 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x47-d23 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x47-d20 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x47-d15 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x47-d11 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x47-d10 scope: - version: -

Trust: 0.3

vendor: juniper model: junos d10 scope: eq version: 12.1x47

Trust: 0.3

vendor: juniper model: junos 12.1x46-d46 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d45 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d40 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d37 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d36 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d35 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d30 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d26 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d25 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d20.5 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d20 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d15 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d10 scope: - version: -

Trust: 0.3

vendor: juniper model: junos d25 scope: eq version: 12.1x46

Trust: 0.3

vendor: juniper model: junos d20 scope: eq version: 12.1x46

Trust: 0.3

vendor: juniper model: junos d15 scope: eq version: 12.1x46

Trust: 0.3

vendor: juniper model: junos d10 scope: eq version: 12.1x46

Trust: 0.3

vendor: juniper model: junos -d10 scope: eq version: 12.1x46

Trust: 0.3

vendor: juniper model: junos 12.1x44-d55 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d52 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d51 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d50 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d45 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d41 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d40 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d35.5 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d35 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d34 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d33 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d32 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d30.4 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d30 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d26 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d25 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d24 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d20.3 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d20 scope: - version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d15 scope: - version: -

Trust: 0.3

vendor: juniper model: junos d40 scope: eq version: 12.1x44

Trust: 0.3

vendor: juniper model: junos d35 scope: eq version: 12.1x44

Trust: 0.3

vendor: juniper model: junos d30 scope: eq version: 12.1x44

Trust: 0.3

vendor: juniper model: junos d25 scope: eq version: 12.1x44

Trust: 0.3

vendor: juniper model: junos d20 scope: eq version: 12.1x44

Trust: 0.3

vendor: juniper model: junos d15 scope: eq version: 12.1x44

Trust: 0.3

vendor: juniper model: junos d10 scope: eq version: 12.1x44

Trust: 0.3

vendor: juniper model: junos 15.1x49-d30 scope: ne version: -

Trust: 0.3

vendor: juniper model: junos 15.1x49-d20 scope: ne version: -

Trust: 0.3

vendor: juniper model: junos 12.3x48-d30 scope: ne version: -

Trust: 0.3

vendor: juniper model: junos 12.3x48-d20 scope: ne version: -

Trust: 0.3

vendor: juniper model: junos 12.1x47-d35 scope: ne version: -

Trust: 0.3

vendor: juniper model: junos 12.1x47-d30 scope: ne version: -

Trust: 0.3

vendor: juniper model: junos 12.1x46-d50 scope: ne version: -

Trust: 0.3

vendor: juniper model: junos 12.1x44-d60 scope: ne version: -

Trust: 0.3

sources: BID: 100330 // JVNDB: JVNDB-2017-005970 // CNNVD: CNNVD-201707-615 // NVD: CVE-2017-2349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2349
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-2349
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2349
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-615
value: HIGH

Trust: 0.6

VULHUB: VHN-110552
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2349
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110552
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2349
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2017-2349
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-110552 // JVNDB: JVNDB-2017-005970 // CNNVD: CNNVD-201707-615 // NVD: CVE-2017-2349 // NVD: CVE-2017-2349

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-110552 // JVNDB: JVNDB-2017-005970 // NVD: CVE-2017-2349

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-615

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201707-615

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005970

PATCH

title: JSA10801 url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10801&actp=METADATA

Trust: 0.8

title: Juniper MX Series device Junos OS Fixes for command injection vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71733

Trust: 0.6

sources: JVNDB: JVNDB-2017-005970 // CNNVD: CNNVD-201707-615

EXTERNAL IDS

db: NVD id: CVE-2017-2349

Trust: 2.8

db: JUNIPER id: JSA10801

Trust: 2.0

db: SECTRACK id: 1038898

Trust: 1.7

db: JVNDB id: JVNDB-2017-005970

Trust: 0.8

db: CNNVD id: CNNVD-201707-615

Trust: 0.7

db: BID id: 100330

Trust: 0.4

db: VULHUB id: VHN-110552

Trust: 0.1

sources: VULHUB: VHN-110552 // BID: 100330 // JVNDB: JVNDB-2017-005970 // CNNVD: CNNVD-201707-615 // NVD: CVE-2017-2349

REFERENCES

url:https://kb.juniper.net/jsa10801

Trust: 1.7

url:http://www.securitytracker.com/id/1038898

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2349

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2349

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10801

Trust: 0.3

sources: VULHUB: VHN-110552 // BID: 100330 // JVNDB: JVNDB-2017-005970 // CNNVD: CNNVD-201707-615 // NVD: CVE-2017-2349

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 100330

SOURCES

db: VULHUB id: VHN-110552
db: BID id: 100330
db: JVNDB id: JVNDB-2017-005970
db: CNNVD id: CNNVD-201707-615
db: NVD id: CVE-2017-2349

LAST UPDATE DATE

2025-04-20T23:42:11.654000+00:00


SOURCES UPDATE DATE

db: VULHUB id: VHN-110552 date: 2019-10-09T00:00:00
db: BID id: 100330 date: 2017-07-12T00:00:00
db: JVNDB id: JVNDB-2017-005970 date: 2017-08-14T00:00:00
db: CNNVD id: CNNVD-201707-615 date: 2019-10-17T00:00:00
db: NVD id: CVE-2017-2349 date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB id: VHN-110552 date: 2017-07-17T00:00:00
db: BID id: 100330 date: 2017-07-12T00:00:00
db: JVNDB id: JVNDB-2017-005970 date: 2017-08-14T00:00:00
db: CNNVD id: CNNVD-201707-615 date: 2017-07-19T00:00:00
db: NVD id: CVE-2017-2349 date: 2017-07-17T13:18:24.610