OS command injection in Juniper Junos OS - CVE-2017-2349
Published: July 14, 2017 / Updated: July 14, 2017
Vulnerability identifier: #VU7534
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2349
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to gain elevated privileges.
The weakness exists due to a command injection flaw in the IDP feature. A remote attacker can execute shell commands and gain root privileges on the system.
Successful exploitation of the vulnerability results in privilege escalation.
How to mitigate CVE-2017-2349
The vulnerability is addressed in the following versions:
12.1X44-D60, 12.1X47-D30, 12.1X47-D35, 12.3X48-D20, 12.3X48-D30, 15.1X49-D20, 15.1X49-D30, 12.1X46-D50.