CVE-2017-10617

MEDIUM

Juniper Contrail 2.2-2.21.3, 3.0-3.0.3.3, 3.1-3.1.3.9, 3.2-3.2.4.9 - XML External Entity Injection via ifmap Service

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-10617. PoCs published by gteissier.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2017-10617, an XXE vulnerability in Juniper Contrail's IFMAP service (irond). The PoC demonstrates file disclosure by leveraging XML External Entity injection to read local files, including sensitive credentials.

Description

The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

Exploits (1)

nomisec WORKING POC 4 stars
by gteissier · poc
https://github.com/gteissier/CVE-2017-10617


Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Juniper Contrail (irond) versions 2.2, 3.0, 3.1, and 3.2
Auth required
Prerequisites: Access to the IFMAP service (default port 8443) · Valid credentials (default: test:test)
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 5.0
EPSS 0.0234
EPSS Percentile 85.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Details

CWE CWE-611
Status published
Products (5)
juniper/contrail 2.2 - 2.21.4
Juniper Networks/Contrail 2.2 - 2.21.4
Juniper Networks/Contrail 3.0 - 3.0.3.4
Juniper Networks/Contrail 3.1 - 3.1.4.0
Juniper Networks/Contrail 3.2 - 3.2.5.0
Published Oct 13, 2017
Tracked Since Feb 18, 2026