CVE-2017-2342

MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series.

CVSS v3 8.1 HIGH
CVSS v2.0 4.3 MEDIUM

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 5.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securitytracker.com/id/1038890	Third Party Advisory VDB Entry
https://kb.juniper.net/JSA10790	Vendor Advisory
http://www.securitytracker.com/id/1038890	Third Party Advisory VDB Entry
https://kb.juniper.net/JSA10790	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos:15.1x49:d10::::::
	cpe:2.3:o:juniper:junos:15.1x49:d20::::::
	cpe:2.3:o:juniper:junos:15.1x49:d30::::::
	cpe:2.3:o:juniper:junos:15.1x49:d35::::::
	cpe:2.3:o:juniper:junos:15.1x49:d40::::::
	cpe:2.3:o:juniper:junos:15.1x49:d45::::::
	cpe:2.3:o:juniper:junos:15.1x49:d50::::::
	cpe:2.3:o:juniper:junos:15.1x49:d55::::::
	cpe:2.3:o:juniper:junos:15.1x49:d60::::::
	cpe:2.3:o:juniper:junos:15.1x49:d65::::::
	cpe:2.3:o:juniper:junos:15.1x49:d70::::::
	cpe:2.3:o:juniper:junos:15.1x49:d75::::::
	cpe:2.3:o:juniper:junos:15.1x49:d80::::::
	cpe:2.3:o:juniper:junos:15.1x49:d90::::::

cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:23

Type	Values Removed	Values Added
References	~~() http://www.securitytracker.com/id/1038890 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1038890 - Third Party Advisory, VDB Entry
References	~~() https://kb.juniper.net/JSA10790 - Vendor Advisory~~	() https://kb.juniper.net/JSA10790 - Vendor Advisory

Information

Published : 2017-07-17 13:18

Updated : 2024-11-21 03:23

NVD link : CVE-2017-2342

Mitre link : CVE-2017-2342

CVE.ORG link : CVE-2017-2342

JSON object : View

Products Affected

juniper

srx300
junos

CWE

CWE-392

Missing Report of Error Condition

NVD-CWE-noinfo

8.1 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2017-2342

8.1^/10

4.3^/10

Attach tags to `CVE-2017-2342`