Details of VAR-201507-0044

ID

VAR-201507-0044

CVE

CVE-2015-5362

TITLE

Juniper Junos OS of BFD Service disruption in daemon (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003641

DESCRIPTION

The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet. Juniper Junos is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in the BFD daemon of Juniper Networks Junos OS. The following versions are affected: Juniper Networks Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15 , Version 13.2 before 13.2R8, Version 13.3 before 13.3R6, Version 14.1 before 14.1R5, Version 14.1X50 before 14.1X50-D85, Version 14.1X55 before 14.1X55-D20, Version 14.2 before 14.2R3, Version 15.1 before 15.1R1, 15.1 Version 15.1X49 before X49-D10

Trust: 1.98

sources: NVD: CVE-2015-5362 // JVNDB: JVNDB-2015-003641 // BID: 75721 // VULHUB: VHN-83323

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.2	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x49	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	13.2	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x47	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	13.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3x48	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x47-d25	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x44	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3x48	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.3r6	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1x55	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x44-d50	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3r10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3x48-d15	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.2r8	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1x49-d10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1r5	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.2r3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x50-d85	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x47	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	15.1x49	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x46-d35	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1r1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x55-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1x50	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	15.1	Trust: 0.8
vendor:	juniper	model:	junos 14.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x50-d70	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r3-s1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r.3-s1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r8-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r1.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d34	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d32	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d30.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d26	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d20.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.2r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x55-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x50-d85	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1r5	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r6	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r8	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r4	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d15	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r2-s3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d25	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d35	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d25	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d50	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d35	scope:	ne	version:	-	Trust: 0.3

sources: BID: 75721 // JVNDB: JVNDB-2015-003641 // CNNVD: CNNVD-201507-368 // NVD: CVE-2015-5362

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5362
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-5362
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201507-368
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-83323
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-5362
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-83323
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83323 // JVNDB: JVNDB-2015-003641 // CNNVD: CNNVD-201507-368 // NVD: CVE-2015-5362

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-83323 // JVNDB: JVNDB-2015-003641 // NVD: CVE-2015-5362

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-368

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201507-368

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003641

PATCH

title:

JSA10690

url:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10690

Trust: 0.8

sources: JVNDB: JVNDB-2015-003641

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5362	Trust: 2.8
db:	JUNIPER	id:	JSA10690	Trust: 2.0
db:	SECTRACK	id:	1032844	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-003641	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-368	Trust: 0.7
db:	BID	id:	75721	Trust: 0.4
db:	VULHUB	id:	VHN-83323	Trust: 0.1

sources: VULHUB: VHN-83323 // BID: 75721 // JVNDB: JVNDB-2015-003641 // CNNVD: CNNVD-201507-368 // NVD: CVE-2015-5362

REFERENCES

url:	http://www.securitytracker.com/id/1032844	Trust: 1.7
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10690	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5362	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5362	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10690&cat=sirt_1&actp=list	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10690	Trust: 0.1

sources: VULHUB: VHN-83323 // BID: 75721 // JVNDB: JVNDB-2015-003641 // CNNVD: CNNVD-201507-368 // NVD: CVE-2015-5362

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 75721

SOURCES

db:	VULHUB	id:	VHN-83323
db:	BID	id:	75721
db:	JVNDB	id:	JVNDB-2015-003641
db:	CNNVD	id:	CNNVD-201507-368
db:	NVD	id:	CVE-2015-5362

LAST UPDATE DATE

2025-04-13T23:35:07.732000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83323	date:	2015-07-15T00:00:00
db:	BID	id:	75721	date:	2015-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-003641	date:	2015-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201507-368	date:	2015-07-17T00:00:00
db:	NVD	id:	CVE-2015-5362	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83323	date:	2015-07-14T00:00:00
db:	BID	id:	75721	date:	2015-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-003641	date:	2015-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201507-368	date:	2015-07-15T00:00:00
db:	NVD	id:	CVE-2015-5362	date:	2015-07-14T17:59:11.010