{"containers":{"cna":{"affected":[{"product":"Junos OS","vendor":"Juniper Networks","versions":[{"status":"affected","version":"12.1X44 prior to 12.1X44-D60"},{"status":"affected","version":"12.1X46 prior to 12.1X46-D50"},{"status":"affected","version":"12.1X47 prior to 12.1X47-D30, 12.1X47-D35"},{"status":"affected","version":"12.3X48 prior to 12.3X48-D20, 12.3X48-D30"},{"status":"affected","version":"15.1X49 prior to 15.1X49-D20, 15.1X49-D30"}]}],"datePublic":"2017-07-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"command injection","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-15T09:57:01.000Z","orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper"},"references":[{"name":"1038898","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1038898"},{"tags":["x_refsource_CONFIRM"],"url":"https://kb.juniper.net/JSA10801"}],"title":"SRX Series: Command injection vulnerability in SRX IDP feature.","workarounds":[{"lang":"en","value":"Use access lists or firewall filters to limit access to the router's CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"sirt@juniper.net","DATE_PUBLIC":"2017-07-12T09:00","ID":"CVE-2017-2349","STATE":"PUBLIC","TITLE":"SRX Series: Command injection vulnerability in SRX IDP feature."},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Junos OS","version":{"version_data":[{"platform":"","version_value":"12.1X44 prior to 12.1X44-D60"},{"platform":"","version_value":"12.1X46 prior to 12.1X46-D50"},{"platform":"","version_value":"12.1X47 prior to 12.1X47-D30, 12.1X47-D35"},{"platform":"","version_value":"12.3X48 prior to 12.3X48-D20, 12.3X48-D30"},{"platform":"","version_value":"15.1X49 prior to 15.1X49-D20, 15.1X49-D30"}]}}]},"vendor_name":"Juniper Networks"}]}},"configuration":[],"credit":[],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30."}]},"exploit":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.","impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"command injection"}]}]},"references":{"reference_data":[{"name":"1038898","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1038898"},{"name":"https://kb.juniper.net/JSA10801","refsource":"CONFIRM","url":"https://kb.juniper.net/JSA10801"}]},"solution":"The following software releases have been updated to resolve this specific issue: 12.1X44-D60, 12.1X47-D30, 12.1X47-D35, 12.3X48-D20, 12.3X48-D30, 15.1X49-D20, 15.1X49-D30, 12.1X46-D50, and all subsequent releases.\n\nThis issue is being tracked as PR 1091623 and is visible on the Customer Support website.","work_around":[{"lang":"en","value":"Use access lists or firewall filters to limit access to the router's CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators."}]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T13:48:05.315Z"},"title":"CVE Program Container","references":[{"name":"1038898","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1038898"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://kb.juniper.net/JSA10801"}]}]},"cveMetadata":{"assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","assignerShortName":"juniper","cveId":"CVE-2017-2349","datePublished":"2017-07-14T14:00:00.000Z","dateReserved":"2016-12-01T00:00:00.000Z","dateUpdated":"2024-09-16T18:03:26.230Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}