CVE-2017-10606 — MEDIUM (4.4)

Vulnerability Description

Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue.

CVSS Score

4.4

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Juniper	Trusted Platform Module Firmware	4.40
Juniper	Srx300	-
Juniper	Srx320	-
Juniper	Srx340	-
Juniper	Srx345	-

References

https://kb.juniper.net/JSA10809Vendor Advisory
https://kb.juniper.net/JSA10809Vendor Advisory

FAQ

What is CVE-2017-10606?

CVE-2017-10606 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information...

How severe is CVE-2017-10606?

CVE-2017-10606 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-10606?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Trusted Platform Module Firmware, Juniper Srx300, Juniper Srx320, Juniper Srx340, Juniper Srx345.