← Back

CVE-2017-2341

nvd nist
Published: Jul 17, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 / Impact: 6.0
Source: NVD

Description

An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D40 on QFX5110, QFX5200, QFX10002, QFX10008, QFX10016, EX4600 and NFX250; 15.1 prior to 15.1R5 on EX4600; 15.1X49 prior to 15.1X49-D70 on vSRX, SRX1500, SRX4100, SRX4200; 16.1 prior to 16.1R2 on EX4600, ACX5000 series. This issue does not affect vMX. No other Juniper Networks products or platforms are affected by this issue.

Affected (38)

Products: Juniper: Junos
Juniper
1 product
Junos
Configuration A
1 platform
Running on/withPlatform Versions
Juniper
Qfx5110
All versions
Configuration B
1 platform
Running on/withPlatform Versions
Juniper
Qfx5200
All versions
Configuration C
1 platform
Running on/withPlatform Versions
Juniper
Qfx10002
All versions
Configuration D
1 platform
Running on/withPlatform Versions
Juniper
Qfx10008
All versions
Configuration E
1 platform
Running on/withPlatform Versions
Juniper
Qfx10016
All versions
Configuration G
8 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 14.1x53-d10
Junos
Version 14.1x53-d15
Junos
Version 14.1x53-d25
Junos
Version 14.1x53-d26
Junos
Version 14.1x53-d27
Junos
Version 14.1x53-d30
Junos
Version 14.1x53-d35
Junos
Version 14.1x53
Running on/withPlatform Versions
Juniper
Nfx250
All versions
Configuration H
17 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 15.1
Junos
Version 15.1 a1
Junos
Version 15.1 f1
Junos
Version 15.1 f2-s1
Junos
Version 15.1 f2-s2
Junos
Version 15.1 f2-s3
Junos
Version 15.1 f2-s4
Junos
Version 15.1 f2
Junos
Version 15.1 f3
Junos
Version 15.1 f4
Junos
Version 15.1 f5
Junos
Version 15.1 f6
Junos
Version 15.1 f7
Junos
Version 15.1 r1
Junos
Version 15.1 r2
Junos
Version 15.1 r3
Junos
Version 15.1 r4
Configuration I
1 platform
Running on/withPlatform Versions
Juniper
Vsrx
All versions
Configuration J
1 platform
Running on/withPlatform Versions
Juniper
Srx1500
All versions
Configuration K
1 platform
Running on/withPlatform Versions
Juniper
Srx4100
All versions
Configuration L
11 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 15.1x49
Junos
Version 15.1x49 d10
Junos
Version 15.1x49 d20
Junos
Version 15.1x49 d30
Junos
Version 15.1x49 d35
Junos
Version 15.1x49 d40
Junos
Version 15.1x49 d45
Junos
Version 15.1x49 d50
Junos
Version 15.1x49 d55
Junos
Version 15.1x49 d60
Junos
Version 15.1x49 d65
Running on/withPlatform Versions
Juniper
Srx4200
All versions
Configuration M
1 platform
Running on/withPlatform Versions
Juniper
Ex4600
All versions
Configuration N
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 16.1
Junos
Version 16.1 r1
Running on/withPlatform Versions
Juniper
Acx5000
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: sirt@juniper.net
Third Party AdvisoryVDB Entry
Source: sirt@juniper.net
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.