← Back

CVE-2017-10615

nvd nist
Published: Oct 13, 2017Modified: May 13, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue.

Affected (29)

Products: Juniper: Junos
Juniper
1 product
Junos
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 14.1
Junos
Version 14.1 r1
Junos
Version 14.1 r2
Junos
Version 14.1 r3
Junos
Version 14.1 r4
Junos
Version 14.1 r5
Junos
Version 14.1 r6
Junos
Version 14.1 r7
Junos
Version 14.1 r9
Configuration B
11 vulnerable · 16 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 14.1x53
Junos
Version 14.1x53 d10
Junos
Version 14.1x53 d15
Junos
Version 14.1x53 d16
Junos
Version 14.1x53 d25
Junos
Version 14.1x53 d26
Junos
Version 14.1x53 d27
Junos
Version 14.1x53 d30
Junos
Version 14.1x53 d35
Junos
Version 14.1x53 d40
Junos
Version 14.1x53 d45
Running on/withPlatform Versions
Juniper
Ex3200
All versions
Juniper
Ex3300
All versions
Juniper
Ex3300 Vc
All versions
Juniper
Ex4200
All versions
Juniper
Ex4200 Vc
All versions
Juniper
Ex4300
All versions
Juniper
Ex4300 Vc
All versions
Juniper
Ex4500
All versions
Juniper
Ex4500 Vc
All versions
Juniper
Ex4550
All versions
Juniper
Ex4550 Vc
All versions
Juniper
Ex4600
All versions
Juniper
Ex4600 Vc
All versions
Juniper
Ex6200
All versions
Juniper
Ex8200
All versions
Juniper
Ex8200 Vc
All versions
Configuration C
9 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 14.2
Junos
Version 14.2 r1
Junos
Version 14.2 r2
Junos
Version 14.2 r3
Junos
Version 14.2 r4
Junos
Version 14.2 r5
Junos
Version 14.2 r6
Junos
Version 14.2 r7
Junos
Version 14.2 r8

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

Source: sirt@juniper.net
Source: sirt@juniper.net
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.