XML External Entity Injection Vulnerability in Juniper Networks Junos Space
CVE-2017-2308

6.5MEDIUM

Key Information:

Vendor

Juniper Networks
Status
Junos Space
Vendor
CVE Published:
30 May 2017

What is CVE-2017-2308?

An XML External Entity Injection vulnerability exists in specific versions of Juniper Networks' Junos Space, allowing an authenticated user to exploit the system. This may enable the user to read arbitrary files on the device, presenting potential risks for data confidentiality and integrity. Proper security measures should be implemented to mitigate this risk.

Affected Version(s)

Junos Space versions prior to 16.1R1

References

https://kb.juniper.net/JSA10770
x_refsource_CONFIRM
http://www.securityfocus.com/bid/98755
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.