CVE-2017-10615

A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue.

Published: Oct 13, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-10615
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
juniper / junos	14.1-r1	14.1-r1.x
juniper / junos	14.1-r4	14.1-r4.x
juniper / junos	14.1	14.1.x
juniper / junos	14.1-r3	14.1-r3.x
juniper / junos	14.1-r9	14.1-r9.x
juniper / junos	14.1-r7	14.1-r7.x
juniper / junos	14.1-r6	14.1-r6.x
juniper / junos	14.1-r2	14.1-r2.x
juniper / junos	14.1-r5	14.1-r5.x
juniper / junos	14.1x53-d45	14.1x53-d45.x
juniper / junos	14.1x53-d15	14.1x53-d15.x
juniper / junos	14.1x53-d35	14.1x53-d35.x
juniper / junos	14.1x53-d10	14.1x53-d10.x
juniper / junos	14.1x53-d40	14.1x53-d40.x
juniper / junos	14.1x53-d30	14.1x53-d30.x
juniper / junos	14.1x53-d25	14.1x53-d25.x
juniper / junos	14.1x53-d27	14.1x53-d27.x
juniper / junos	14.1x53-d16	14.1x53-d16.x
juniper / junos	14.1x53	14.1x53.x
juniper / junos	14.1x53-d26	14.1x53-d26.x
juniper / junos	14.2-r1	14.2-r1.x
juniper / junos	14.2-r2	14.2-r2.x
juniper / junos	14.2-r3	14.2-r3.x
juniper / junos	14.2-r6	14.2-r6.x
juniper / junos	14.2	14.2.x
juniper / junos	14.2-r8	14.2-r8.x
juniper / junos	14.2-r7	14.2-r7.x
juniper / junos	14.2-r4	14.2-r4.x
juniper / junos	14.2-r5	14.2-r5.x

Vulnerability Database

290,300

CVE-2017-10615