How severe is CVE-2017-10606?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2017-10606?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2017-10606 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue.

Related Vulnerabilities

CVE-2016-0667

MEDIUM

CVSS:4.4(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking.

NVD-CWE-Other2016

CVE-2016-0674

MEDIUM

CVSS:4.4(Medium)

Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality and integrity via vectors related to Email.

NVD-CWE-Other2016

CVE-2016-3480

MEDIUM

CVSS:4.4(Medium)

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql.

NVD-CWE-Other2016

CVE-2016-3488

MEDIUM

CVSS:4.4(Medium)

Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors.

NVD-CWE-Other2016

CVE-2016-5584

MEDIUM

CVSS:4.4(Medium)

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security:...

NVD-CWE-Other2016

CVE-2016-7155

MEDIUM

CVSS:4.4(Medium)

hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page c...

NVD-CWE-Other2016