VDB
CVE-2017-10615
CVE-2017-10615
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue.
EPSS 1.72% · 82.7th percentile
Risk Scores
CVSS 3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
1.72%
82.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| juniper | junos | 14.1, 14.1, 14.1 |
| Juniper Networks | Junos OS | 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9, 14.1X53 prior to 14.1X53-D50, 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8 |
Exploit Intelligence
- Contrail: hard coded credentials (CVE-2017-10616) and XML External Entity (XXE) vulnerability (CVE-2017-10617) (github-poc)
- Contrail: hard coded credentials (CVE-2017-10616) and XML External Entity (XXE) vulnerability (CVE-2017-10617) (github-poc)
- Contrail: hard coded credentials (CVE-2017-10616) and XML External Entity (XXE) vulnerability (CVE-2017-10617) (github-poc)
- Contrail: hard coded credentials (CVE-2017-10616) and XML External Entity (XXE) vulnerability (CVE-2017-10617) (github-poc)
- CVE-2016-8610 (SSL Death Alert) PoC (github-poc)
- CVE-2016-8610 (SSL Death Alert) PoC (github-poc)
- CVE-2016-8610 (SSL Death Alert) PoC (github-poc)
- CVE-2016-8610 (SSL Death Alert) PoC (github-poc)
- theo543/OSDS_Paper_CVE-2016-5195 (github-poc)
- theo543/OSDS_Paper_CVE-2016-5195 (github-poc)
…and 252 more exploits
Timeline
- Oct 13, 2017 CVE Published
- Jan 16, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- May 28, 2021 PoC Published
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Jul 29, 2022 PoC Published
- Sep 5, 2022 EPSS Score
References
- http://www.securitytracker.com/id/1040039 url
- https://kb.juniper.net/JSA10818 url
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10810&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10822&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10808&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10818&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10813&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10814&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10811&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10819&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10816&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10820&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10821&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10809&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10824&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10817&cat=SIRT_1&actp=LIST advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-10615 advisory