CVE-2017-2308

MEDIUM

Juniper Networks Junos Space <16.1R1 - Info Disclosure

Title source: llm

Description

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98755

[Mitigation, Vendor Advisory] https://kb.juniper.net/JSA10770

Scores

CVSS v3 6.5

EPSS 0.0028

EPSS Percentile 50.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-611

Status published

Products (2)

juniper/junos_space < 16.1

Juniper Networks/Junos Space < versions prior to 16.1R1

Published May 30, 2017

Tracked Since Feb 18, 2026