1. Home
  2. CVE Database
  3. CVE-2017-2341
HIGH · 8.8

CVE-2017-2341

An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the hos...

Vulnerability Description

An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D40 on QFX5110, QFX5200, QFX10002, QFX10008, QFX10016, EX4600 and NFX250; 15.1 prior to 15.1R5 on EX4600; 15.1X49 prior to 15.1X49-D70 on vSRX, SRX1500, SRX4100, SRX4200; 16.1 prior to 16.1R2 on EX4600, ACX5000 series. This issue does not affect vMX. No other Juniper Networks products or platforms are affected by this issue.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
JuniperJunos14.1x53
JuniperQfx5110-
JuniperQfx5200-
JuniperQfx10002-
JuniperQfx10008-
JuniperQfx10016-
JuniperEx4600-
JuniperNfx250-
JuniperVsrx-
JuniperSrx1500-
JuniperSrx4100-
JuniperSrx4200-
JuniperAcx5000-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2017-2341?

CVE-2017-2341 is a vulnerability with a CVSS score of 8.8 (HIGH). An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the hos...

How severe is CVE-2017-2341?

CVE-2017-2341 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2341?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Qfx5110, Juniper Qfx5200, Juniper Qfx10002, Juniper Qfx10008.