Vulnerability Description
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos Space | <= 16.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98772Third Party AdvisoryVDB Entry
- https://kb.juniper.net/JSA10770MitigationVendor Advisory
- http://www.securityfocus.com/bid/98772Third Party AdvisoryVDB Entry
- https://kb.juniper.net/JSA10770MitigationVendor Advisory
FAQ
What is CVE-2017-2306?
CVE-2017-2306 is a vulnerability with a CVSS score of 8.8 (HIGH). On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
How severe is CVE-2017-2306?
CVE-2017-2306 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2306?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Space.