CVE-2017-10622

{"id": "CVE-2017-10622", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-10-13T17:29:01.003", "references": [{"url": "http://www.securityfocus.com/bid/101258", "tags": ["Third Party Advisory", "VDB Entry"], "source": "sirt@juniper.net"}, {"url": "https://kb.juniper.net/JSA10824", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Juniper Networks Junos Space Network Management Platform puede permitir a un atacante remoto no autenticado en la red iniciar sesi\u00f3n como cualquier usuario privilegiado. Este problema solo afecta a Junos Space Network Management Platform 17.1R1 sin Patch v1 y las distribuciones 16.1 anteriores a la 16.1R3. Un investigador de seguridad externo descubri\u00f3 este problema."}], "lastModified": "2019-10-09T23:21:42.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_space:17.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DFF54CC-E24F-42B4-B908-AECD1139146B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_space:16.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7481D0BF-0B4E-41E1-9DC7-0CBEE8375A1D"}, {"criteria": "cpe:2.3:o:juniper:junos_space:16.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "882C4D7A-293C-4587-84B1-822F63D53D2F"}, {"criteria": "cpe:2.3:o:juniper:junos_space:16.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A98BA3F-35BD-4C8D-80B4-B85C3B32F5AD"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}