#VU7534 OS command injection in Juniper Junos OS - CVE-2017-2349
Published: July 14, 2017 / Updated: July 14, 2017
Vulnerability identifier: #VU7534
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2349
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.
Description
The vulnerability allows a remote authenticated attacker to gain elevated privileges.
The weakness exists due to a command injection flaw in the IDP feature. A remote attacker can execute shell commands and gain root privileges on the system.
Successful exploitation of the vulnerability results in privilege escalation.
Remediation
The vulnerability is addressed in the following versions:
12.1X44-D60, 12.1X47-D30, 12.1X47-D35, 12.3X48-D20, 12.3X48-D30, 15.1X49-D20, 15.1X49-D30, 12.1X46-D50.