CVE-2017-10623 HIGH

CVE-2017-10623: Junos Space: Insufficient verification of cluster messages

Vendor Juniper Networks
Product Junos Space
Published October 13, 2017
Last update September 17, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.

Key dates

02Disclosure timeline

October 13, 2017 CVE published
September 17, 2024 Record updated