CVE-2017-2349
Last modified
CVE-2017-2349 is a vulnerability of currently unknown severity. A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30.. EPSS estimates a 2.28% chance of exploitation in the next 30 days.
Description
A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Juniper | Junos | 12.1x44 | — |
| Juniper | Junos | 12.1x46 | — |
| Juniper | Junos | 12.1x47 | — |
| Juniper | Junos | 12.3x48 | — |
| Juniper | Junos | 15.1x49 | D10 |
References
- http://www.securitytracker.com/id/1038898Third Party Advisory, VDB Entry
- https://kb.juniper.net/JSA10801Vendor Advisory
- http://www.securitytracker.com/id/1038898Third Party Advisory, VDB Entry
- https://kb.juniper.net/JSA10801Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-2349?
How severe is CVE-2017-2349?
How do I fix CVE-2017-2349?
Are you affected by CVE-2017-2349?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST