CVE-2017-10603
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 15.1X53 prior to 15.1X53-D47 | affected |
| Juniper Networks | Junos OS | 15.1 prior to 15.1R3 | affected |
Weaknesses
- XML injection
Workarounds
There is no direct workaround to completely eliminate the risk of this vulnerability.
Use access lists or firewall filters to limit access to the router's CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.