Details of VAR-201601-0048

ID

VAR-201601-0048

CVE

CVE-2016-1260

TITLE

Juniper EX4300 Runs on a series switch Junos OS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-001294

DESCRIPTION

Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users. Juniper Networks Junos OS on EX4300 is a network operating system developed by Juniper Networks (Juniper Networks) running on EX4300 series Ethernet switches. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Networks Junos OS on EX4300 series devices. The following releases are affected: Juniper Networks Junos OS prior to 13.2X51-D36, 14.1X53 prior to 14.1X53-D25, and 15.2 prior to 15.2R1

Trust: 2.07

sources: NVD: CVE-2016-1260 // JVNDB: JVNDB-2016-001294 // BID: 80770 // VULHUB: VHN-90079 // VULMON: CVE-2016-1260

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	13.2x51	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	15.2	Trust: 1.3
vendor:	juniper	model:	junos os	scope:	eq	version:	15.2r1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	14.1x53	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x53-d25	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	15.2	Trust: 0.8
vendor:	juniper	model:	junos 14.1x53-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d18	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d16	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d12	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x52-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x52-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d27.2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d26	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d25.2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d15.5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x50-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x50-d15.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	ex4300 series switches	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	junos 15.2r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d26	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d25	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d39	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d36	scope:	ne	version:	-	Trust: 0.3

sources: BID: 80770 // JVNDB: JVNDB-2016-001294 // CNNVD: CNNVD-201601-339 // NVD: CVE-2016-1260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1260
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1260
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201601-339
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90079
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-1260
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1260
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-90079
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1260
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90079 // VULMON: CVE-2016-1260 // JVNDB: JVNDB-2016-001294 // CNNVD: CNNVD-201601-339 // NVD: CVE-2016-1260

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-90079 // JVNDB: JVNDB-2016-001294 // NVD: CVE-2016-1260

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-339

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201601-339

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001294

PATCH

title:	JSA10719	url:	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10719	Trust: 0.8
title:	Juniper Networks Junos OS Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59657	Trust: 0.6

sources: JVNDB: JVNDB-2016-001294 // CNNVD: CNNVD-201601-339

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1260	Trust: 2.9
db:	JUNIPER	id:	JSA10719	Trust: 2.1
db:	SECTRACK	id:	1035106	Trust: 1.2
db:	JVNDB	id:	JVNDB-2016-001294	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-339	Trust: 0.7
db:	SECUNIA	id:	68364	Trust: 0.6
db:	BID	id:	80770	Trust: 0.5
db:	VULHUB	id:	VHN-90079	Trust: 0.1
db:	VULMON	id:	CVE-2016-1260	Trust: 0.1

sources: VULHUB: VHN-90079 // VULMON: CVE-2016-1260 // BID: 80770 // JVNDB: JVNDB-2016-001294 // CNNVD: CNNVD-201601-339 // NVD: CVE-2016-1260

REFERENCES

url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10719	Trust: 1.7
url:	http://www.securitytracker.com/id/1035106	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1260	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1260	Trust: 0.8
url:	http://secunia.com/advisories/68364	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10719&actp=rss	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10719	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/399.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/80770	Trust: 0.1

sources: VULHUB: VHN-90079 // VULMON: CVE-2016-1260 // BID: 80770 // JVNDB: JVNDB-2016-001294 // CNNVD: CNNVD-201601-339 // NVD: CVE-2016-1260

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 80770

SOURCES

db:	VULHUB	id:	VHN-90079
db:	VULMON	id:	CVE-2016-1260
db:	BID	id:	80770
db:	JVNDB	id:	JVNDB-2016-001294
db:	CNNVD	id:	CNNVD-201601-339
db:	NVD	id:	CVE-2016-1260

LAST UPDATE DATE

2025-04-13T23:23:42.078000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90079	date:	2016-12-03T00:00:00
db:	VULMON	id:	CVE-2016-1260	date:	2016-12-03T00:00:00
db:	BID	id:	80770	date:	2016-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2016-001294	date:	2016-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201601-339	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-1260	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90079	date:	2016-01-15T00:00:00
db:	VULMON	id:	CVE-2016-1260	date:	2016-01-15T00:00:00
db:	BID	id:	80770	date:	2016-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2016-001294	date:	2016-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201601-339	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-1260	date:	2016-01-15T19:59:08.400