Information Leak Vulnerability in Juniper Networks NorthStar Controller Application
CVE-2017-2334

7.5HIGH

Key Information:

Vendor: Juniper Networks
Status: Northstar Controller Application
Vendor: CVE Published:; 24 April 2017

Summary

An information leak vulnerability exists in Juniper Networks NorthStar Controller Application versions prior to 2.1.0 Service Pack 1. This flaw can permit a network-based malicious attacker to execute a man-in-the-middle attack, compromising encrypted communication paths. As a result, sensitive authentication credentials may be exposed, potentially granting the attacker unauthorized access and control over the system.

Affected Version(s)

NorthStar Controller Application prior to version 2.1.0 Service Pack 1

References

https://kb.juniper.net/JSA10783

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97616

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 1, 2016