CVE-2017-10603

An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue.

Published: Jul 17, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-10603
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-91

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
juniper / junos	15.1x53-d10	15.1x53-d10.x
juniper / junos	15.1x53-d40	15.1x53-d40.x
juniper / junos	15.1x53-d20	15.1x53-d20.x
juniper / junos	15.1x53-d30	15.1x53-d30.x
juniper / junos	15.1x53	15.1x53.x
juniper / junos	15.1x53-d33	15.1x53-d33.x
juniper / junos	15.1x53-d25	15.1x53-d25.x
juniper / junos	15.1x53-d32	15.1x53-d32.x
juniper / junos	15.1x53-d34	15.1x53-d34.x
juniper / junos	15.1x53-d21	15.1x53-d21.x
juniper / junos	15.1x53-d45	15.1x53-d45.x
juniper / junos	15.1-f1	15.1-f1.x
juniper / junos	15.1-f2-s3	15.1-f2-s3.x
juniper / junos	15.1-f7	15.1-f7.x
juniper / junos	15.1-f2-s2	15.1-f2-s2.x
juniper / junos	15.1-f4	15.1-f4.x
juniper / junos	15.1-f2-s4	15.1-f2-s4.x
juniper / junos	15.1-f6	15.1-f6.x
juniper / junos	15.1-f2	15.1-f2.x
juniper / junos	15.1-a1	15.1-a1.x
juniper / junos	15.1-f3	15.1-f3.x
juniper / junos	15.1-r2	15.1-r2.x
juniper / junos	15.1-r1	15.1-r1.x
juniper / junos	15.1-f2-s1	15.1-f2-s1.x
juniper / junos	15.1	15.1.x

Vulnerability Database

290,278

CVE-2017-10603