Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-2321

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks.

Published

2017-04-24T15:59:00.473

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	juniper	northstar_controller	≤ 2.1.0	Yes

References

http://www.securityfocus.com/bid/97693 Third Party Advisory, VDB Entry ([email protected])
https://kb.juniper.net/JSA10783 Mitigation, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/97693 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://kb.juniper.net/JSA10783 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)