PT-2017-15376 · Juniper Networks · Junos
Published 2017-07-14 · Updated 2019-10-09 · CVE-2017-2349
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Junos OS versions 12.1X44 prior to 12.1X44-D60
Junos OS versions 12.1X46 prior to 12.1X46-D50
Junos OS versions 12.1X47 prior to 12.1X47-D35
Junos OS versions 12.3X48 prior to 12.3X48-D30
Junos OS versions 15.1X49 prior to 15.1X49-D30
Description
A command injection issue in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges.
Recommendations
For Junos OS versions 12.1X44 prior to 12.1X44-D60, update to version 12.1X44-D60 or later.
For Junos OS versions 12.1X46 prior to 12.1X46-D50, update to version 12.1X46-D50 or later.
For Junos OS versions 12.1X47 prior to 12.1X47-D35, update to version 12.1X47-D35 or later.
For Junos OS versions 12.3X48 prior to 12.3X48-D30, update to version 12.3X48-D30 or later.
For Junos OS versions 15.1X49 prior to 15.1X49-D30, update to version 15.1X49-D30 or later.
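The version check implied by the list above, as an added example that is not part of the original advisory. It assumes version strings of the form `12.1X46-D45.4`, as reported by `show version`; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed D-release per affected branch, taken from the advisory text above.
FIXED_D_RELEASE = {
    "12.1X44": 60,
    "12.1X46": 50,
    "12.1X47": 35,
    "12.3X48": 30,
    "15.1X49": 30,
}

# Assumed format: <major>.<minor>X<train>-D<release>[.<spin>], e.g. 12.1X46-D45.4
VERSION_RE = re.compile(r"^(\d+\.\d+X\d+)-D(\d+)(?:\.\d+)?$")


def parse_junos_version(version):
    """Return (branch, d_release) or None if not an X-train version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    # Compare the D-release as an integer: as strings, "D5" sorts after
    # "D30" and "D100" sorts before "D30", which misclassifies both.
    return m.group(1), int(m.group(2))


def check_version(version):
    """Classify as 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    parsed = parse_junos_version(version)
    if parsed is None:
        return "unparsed"  # needs manual review
    branch, d_release = parsed
    fixed = FIXED_D_RELEASE.get(branch)
    if fixed is None:
        # Branch is not named in this advisory; that is not a statement
        # that the release is safe.
        return "not-listed"
    return "affected" if d_release < fixed else "fixed"


if __name__ == "__main__":
    # Constructed inventory: hostname -> version string.
    inventory = {
        "srx-a": "12.1X46-D45.4",
        "srx-b": "12.3X48-D5",
        "srx-c": "15.1X49-D100.6",
        "srx-d": "12.1X44-D60",
    }
    for host, ver in sorted(inventory.items()):
        print(f"{host}\t{ver}\t{check_version(ver)}")
```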
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Junos