CVE-2017-2308
medium
CVSS v3
6.5
CVSS v2
5.0
VIR risk
6.5
Description
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: sirt@juniper.net — https://kb.juniper.net/JSA10770
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| juniper | junos_space | {"endIncluding":"16.1"} | |
References
CWEs
CWE-611
Verify integrity in audit chain (admin only). AS-IS.