CVE-2017-10615

CRITICAL

Junos OS 14.1R5-14.1R8-S3, 14.1R9 and 14.1X53 < D50 - Unauthenticated Remote Code Execution via PAM

Title source: llm

Description

A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://kb.juniper.net/JSA10818

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040039

Scores

CVSS v3 9.8

EPSS 0.0172

EPSS Percentile 82.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (6)

juniper/junos 14.1 (9 CPE variants)

juniper/junos 14.1x53 (11 CPE variants)

juniper/junos 14.2 (9 CPE variants)

Juniper Networks/Junos OS 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9

Juniper Networks/Junos OS 14.1X53 prior to 14.1X53-D50

Juniper Networks/Junos OS 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8

Published Oct 13, 2017

Tracked Since Feb 18, 2026