CVE-2017-2320

critical

Published 2017-04-24 · Modified 2026-05-13

CVSS v3

10.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2

10.0

VIR risk

10.0

Description

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.

Predictions

Exploit likelihood

98%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: sirt@juniper.net — https://kb.juniper.net/JSA10783

Application impact

Vendor	Product	Versions	Fixed
juniper	northstar_controller	`{"endIncluding":"2.1.0"}`

References

http://www.securityfocus.com/bid/97687
https://kb.juniper.net/JSA10783
http://www.securityfocus.com/bid/97687
https://kb.juniper.net/JSA10783

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.