CVE |
CVSS v3 base score |
Summary |
CVE-2017-2316 |
6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) |
An authenticated malicious user may cause a buffer overflow leading to a denial of service. |
CVE-2017-2317 |
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
An unauthenticated, unprivileged, network-based attacker may cause denials of services to underlying database tables leading to potential information disclosure, modification of system states, and partial to full denial of services relying upon data modified by an attacker. |
CVE-2017-2318 |
8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) |
An authenticated malicious user may read log files which will compromise the integrity of the system, or provide elevation of privileges. |
CVE-2017-2319 |
8.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L) |
A malicious attacker may compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result. |
CVE-2017-2320 |
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) |
An unauthenticated, unprivileged, network-based attacker may cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. |
CVE-2017-2321 |
8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) |
An unauthenticated, unprivileged, network-based attacker may cause various system services partial to full denials of services, modification of system states and files, and potential disclosure of sensitive information which may assist the attacker in further attacks on the system through the use of multiple attack vectors, including man-in-the-middle attacks, file injections, and malicious execution of commands causing out of bound memory conditions leading to other attacks. |
CVE-2017-2322 |
5.2 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L) |
An authenticated user can cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services. |
CVE-2017-2323 |
8.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H) |
A malicious attacker crafting packets destined to the device may cause a persistent denial of service to the Path Computation Server service. |
CVE-2017-2324 |
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
A network-based malicious attacker can cause a denial of service via remote command injection. |
CVE-2017-2325 |
8.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L) |
An authenticated malicious user may cause a buffer overflow leading to a denial of service. |
CVE-2017-2326 |
8.4 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) |
An unprivileged, authenticated, network-based attacker can replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis. |
CVE-2017-2327 |
5.9 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H) |
An authenticated malicious user may be able to consume large amounts of system resources leading to a cascading denial of services. |
CVE-2017-2328 |
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) |
An unprivileged, authenticated, user can elevate their permissions through reading unprivileged information stored in the NorthStar controller. |
CVE-2017-2329 |
6.2 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) |
An unprivileged, authenticated, user can execute certain specific unprivileged system files capable of causing widespread denials of system services. |
CVE-2017-2330 |
6.2 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) |
An unauthenticated, local user, may create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services. |
CVE-2017-2331 |
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
A network-based malicious attacker can bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service. |
CVE-2017-2332 |
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) |
An insufficient authentication vulnerability may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control over the environment. |
CVE-2017-2333 |
6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) |
A malicious, network-based, authenticated attacker may be able to consume enough system resources to cause a persistent denial of service by visiting certain specific URLs on the server. |
CVE-2017-2334 |
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) |
A network-based malicious attacker can perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system. |