CVE-2017-10617

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:juniper:contrail:*:*:*:*:*:*:*:*
cpe:2.3:a:juniper:contrail:*:*:*:*:*:*:*:*
cpe:2.3:a:juniper:contrail:*:*:*:*:*:*:*:*
cpe:2.3:a:juniper:contrail:*:*:*:*:*:*:*:*

History

30 Jan 2023, 18:59

Type Values Removed Values Added
CPE cpe:2.3:a:juniper:contrail:2.2:*:*:*:*:*:*:*
cpe:2.3:a:juniper:contrail:3.1:*:*:*:*:*:*:*
cpe:2.3:a:juniper:contrail:3.0:*:*:*:*:*:*:*
cpe:2.3:a:juniper:contrail:3.2:*:*:*:*:*:*:*
cpe:2.3:a:juniper:contrail:*:*:*:*:*:*:*:*
References (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-wjp8-8qf6-vqmc - (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-wjp8-8qf6-vqmc - Third Party Advisory

13 Jan 2023, 21:15

Type Values Removed Values Added
References
  • (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-wjp8-8qf6-vqmc -

Information

Published : 2017-10-13 17:29

Updated : 2023-12-10 12:15


NVD link : CVE-2017-10617

Mitre link : CVE-2017-10617

CVE.ORG link : CVE-2017-10617


JSON object : View

Products Affected

juniper

  • contrail
CWE
CWE-611

Improper Restriction of XML External Entity Reference