How severe is CVE-2017-10604?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2017-10604?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2017-10604

MEDIUM Year: 2017

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-307

View all →

Vulnerability Description

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operation occurs, then there will be errors associated with synch or failover while the root account is locked out. Administrators can confirm if the root account is locked out via the following command root@device> show system login lockout user root User Lockout start Lockout end root 1995-01-01 01:00:01 PDT 1995-11-01 01:31:01 PDT Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D65 on SRX series; 12.3X48 prior to 12.3X48-D45 on SRX series; 15.1X49 prior to 15.1X49-D75 on SRX series.

CVE-2018-16703

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in...

CWE-3072018

CVE-2019-0039

MEDIUM

CVSS:5.3(Medium)

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using adv...

CWE-3072019

CVE-2019-1126

MEDIUM

CVSS:5.3(Medium)

A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an atta...

CWE-3072019

CVE-2020-1616

MEDIUM

CVSS:5.3(Medium)

Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) ...

CWE-3072020

CVE-2020-4232

MEDIUM

CVSS:5.3(Medium)

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system...

CWE-3072020

CVE-2020-7057

MEDIUM

CVSS:5.3(Medium)

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists,...

CWE-3072020

CVE-2017-10604

Vulnerability Description

Related Vulnerabilities

CVE-2018-16703

CVE-2019-0039

CVE-2019-1126

CVE-2020-1616

CVE-2020-4232

CVE-2020-7057