{"containers":{"cna":{"affected":[{"product":"Junos OS","vendor":"Juniper Networks","versions":[{"status":"affected","version":"12.3 prior to 12.3R10, 12.3R11"},{"status":"affected","version":"12.3X48 prior to 12.3X48-D20"},{"status":"affected","version":"13.2 prior to 13.2R8"},{"status":"affected","version":"13.3 prior to 13.3R7"},{"status":"affected","version":"14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6"},{"status":"affected","version":"14.1X53 prior to 14.1X53-D30"},{"status":"affected","version":"14.2 prior to 14.2R4"},{"status":"affected","version":"15.1 prior to 15.1F2, 15.1F3, 15.1R2"}]}],"datePublic":"2017-07-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to log in through console, ssh, ftp, telnet or su, etc. This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If no administrative change that results in such a failure is made, this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. 
Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"authentication bypass vulnerability","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-15T09:57:01.000Z","orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://kb.juniper.net/JSA10802"},{"name":"1038902","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1038902"}],"title":"Junos OS: Insufficient authentication for user login when a specific system configuration error occurs.","workarounds":[{"lang":"en","value":"Make sure authentication works as expected after a system configuration change.\n\nUse the SSH certificate based authentication.\n\nUse access lists or firewall filters to limit access to the device only from trusted administrative hosts, networks and users."}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"sirt@juniper.net","DATE_PUBLIC":"2017-07-12T09:00","ID":"CVE-2017-10601","STATE":"PUBLIC","TITLE":"Junos OS: Insufficient authentication for user login when a specific system configuration error occurs."},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Junos OS","version":{"version_data":[{"platform":"","version_value":"12.3 prior to 12.3R10, 12.3R11"},{"platform":"","version_value":"12.3X48 prior to 
12.3X48-D20"},{"platform":"","version_value":"13.2 prior to 13.2R8"},{"platform":"","version_value":"13.3 prior to 13.3R7"},{"platform":"","version_value":"14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6"},{"platform":"","version_value":"14.1X53 prior to 14.1X53-D30"},{"platform":"","version_value":"14.2 prior to 14.2R4"},{"platform":"","version_value":"15.1 prior to 15.1F2, 15.1F3, 15.1R2"}]}}]},"vendor_name":"Juniper Networks"}]}},"configuration":[],"credit":[],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to log in through console, ssh, ftp, telnet or su, etc. This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If no administrative change that results in such a failure is made, this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2."}]},"exploit":"This issue was found during internal product security testing. 
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.","impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"authentication bypass vulnerability"}]}]},"references":{"reference_data":[{"name":"https://kb.juniper.net/JSA10802","refsource":"CONFIRM","url":"https://kb.juniper.net/JSA10802"},{"name":"1038902","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1038902"}]},"solution":"The following software releases have been updated to resolve this specific issue: 12.3R10, 12.3R11, 12.3X48-D20, 13.2R8, 13.3R7, 14.1R4-S12, 14.1R5, 14.1R6, 14.1X53-D30, 14.2R4, 15.1F2, 15.1F3, 15.1R2, 15.1X49-D10, 16.1R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1075580 and is visible on the Customer Support website.","work_around":[{"lang":"en","value":"Make sure authentication works as expected after a system configuration change.\n\nUse the SSH certificate based authentication.\n\nUse access lists or firewall filters to limit access to the device only from trusted administrative hosts, networks and users."}]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T17:41:55.527Z"},"title":"CVE Program 
Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://kb.juniper.net/JSA10802"},{"name":"1038902","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1038902"}]}]},"cveMetadata":{"assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","assignerShortName":"juniper","cveId":"CVE-2017-10601","datePublished":"2017-07-14T14:00:00.000Z","dateReserved":"2017-06-28T00:00:00.000Z","dateUpdated":"2024-09-16T19:41:55.318Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}