CVE-2017-10606

{"id": "CVE-2017-10606", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2017-10-13T17:29:00.457", "references": [{"url": "https://kb.juniper.net/JSA10809", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue."}, {"lang": "es", "value": "La versi\u00f3n 4.40 de firmware del TPM (Trusted Platform Module) en la serie SRX300 de Juniper Networks tiene una vulnerabilidad a la hora de generar claves criptogr\u00e1ficas que podr\u00eda permitir que un atacante descifre informaci\u00f3n sensible en los productos de la serie SRX300. El TPM se utiliza en la serie SRX300 para cifrar datos de configuraci\u00f3n sensibles. Aunque otros productos tambi\u00e9n dan servicio con un TPM, no existen otros productos o plataformas que se vean afectados por esta vulnerabilidad. Los clientes pueden confirmar la versi\u00f3n del firmware del TPM mediante el comando \"show security tpm status\". Un investigador de seguridad externo descubri\u00f3 este problema. No hay ning\u00fan otro producto o plataforma de Juniper Networks que se vea afectado por este problema."}], "lastModified": "2019-10-09T23:21:39.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:trusted_platform_module_firmware:4.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F31C77A3-3CDB-4393-A6CC-7B1F54CF27E3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A"}, {"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78"}, {"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA"}, {"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "sirt@juniper.net"}