Vulnerability Description
A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 14.1 |
| Juniper | Ex3200 | - |
| Juniper | Ex3300 | - |
| Juniper | Ex3300-Vc | - |
| Juniper | Ex4200 | - |
| Juniper | Ex4200-Vc | - |
| Juniper | Ex4300 | - |
| Juniper | Ex4300-Vc | - |
| Juniper | Ex4500 | - |
| Juniper | Ex4500-Vc | - |
| Juniper | Ex4550 | - |
| Juniper | Ex4550-Vc | - |
| Juniper | Ex4600 | - |
| Juniper | Ex4600-Vc | - |
| Juniper | Ex6200 | - |
| Juniper | Ex8200 | - |
| Juniper | Ex8200-Vc | - |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1040039
- https://kb.juniper.net/JSA10818Vendor Advisory
- http://www.securitytracker.com/id/1040039
- https://kb.juniper.net/JSA10818Vendor Advisory
FAQ
What is CVE-2017-10615?
CVE-2017-10615 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons suc...
How severe is CVE-2017-10615?
CVE-2017-10615 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-10615?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex3200, Juniper Ex3300, Juniper Ex3300-Vc, Juniper Ex4200.