Skip to content

Juniper Contrail - The XML External Entity (XXE) vulnerability (CVE-2017-10617)

Moderate
orange-cert-cc published GHSA-wjp8-8qf6-vqmc Jan 6, 2023

Package

Contrail (Juniper)

Affected versions

2.2
3.0
3.1
3.2

Patched versions

2.2.1.4
3.0.3.4
3.1.4.0
3.2.5.0

Description

Overview

The ifmap service has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files.

Impact

The vulnerable service in Contrail product is an IFMAP daemon, which is packaged from irond. To keep things simple, let's continue with irond and exploit of the XXE vulnerability.

Affected versions

This issue affects Contrail 2.2, 3.0, 3.1, 3.2.

Proof of Concept

Any details about the vulnerability is available from Guillaume TEISSIER's GitHub

Solution

Security patch

Upgrade to Contrail 2.21.4, 3.0.3.4, 3.1.4.0, 3.2.5.0 and all subsequent releases.

References

https://nvd.nist.gov/vuln/detail/CVE-2017-10617
https://supportportal.juniper.net/s/article/2017-10-Security-Bulletin-Contrail-hard-coded-credentials-CVE-2017-10616-and-XML-External-Entity-XXE-vulnerability-CVE-2017-10617
https://github.com/gteissier/CVE-2017-10617

Credits

Orange CERT-CC
Guillaume TEISSIER at Orange group

Timeline

Date reported: June 13, 2017
Date fixed: September 29, 2017

Severity

Moderate
5.0
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVE ID

CVE-2017-10617

Weaknesses