CVE-2017-10606
CVE-2017-10606 is a medium-severity vulnerability in Juniper Trusted Platform Module Firmware with a CVSS 3.x base score of 4.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 4.4)
- CVSS v2: 2.1
- EPSS exploit prediction: 0% (24th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Juniper Trusted Platform Module Firmware
- Published:
- Last modified:
Description
Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue.
Frequently asked questions
- What is CVE-2017-10606?
- Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue.
- How severe is CVE-2017-10606?
- CVE-2017-10606 has a CVSS 3.x base score of 4.4, rated medium severity. It is exploitable over local access with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2017-10606 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (24th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2017-10606?
- CVE-2017-10606 affects Juniper Trusted Platform Module Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2017-10606?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2017-10606 published?
- CVE-2017-10606 was published on 2017-10-13 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:o:juniper:trusted_platform_module_firmware:4.40:*:*:*:*:*:*:*