Vulnerability Description
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.
CVSS Score
6.5
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos Space | <= 16.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98755Third Party AdvisoryVDB Entry
- https://kb.juniper.net/JSA10770MitigationVendor Advisory
- http://www.securityfocus.com/bid/98755Third Party AdvisoryVDB Entry
- https://kb.juniper.net/JSA10770MitigationVendor Advisory
FAQ
What is CVE-2017-2308?
CVE-2017-2308 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.
How severe is CVE-2017-2308?
CVE-2017-2308 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2308?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Space.