Information disclosure in Juniper Junos_space
CVE-2017-2309
On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk.
Vulnerability class: Information Disclosure
EPSS: 0.002 (44.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Juniper Junos_space
- Juniper Networks Junos Space — versions versions prior to 16.1R1
Weakness classification (CWE)
References
- sirt@juniper.net (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- sirt@juniper.net (x_refsource_CONFIRM, Mitigation, Vendor Advisory)
Frequently asked questions
- What is CVE-2017-2309?
- CVE-2017-2309 is a medium-severity vulnerability in Juniper Junos_space, classified under Information Disclosure. CVSS score: 5.9/10. Published 2017-05-30.
- How severe is CVE-2017-2309?
- Medium severity. CVSS v3 base score is 5.9 out of 10.