Sign-up

ID

VAR-201604-0056


CVE

CVE-2016-1270


TITLE

Juniper Junos OS of rpd Service disruption in daemon (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002147

DESCRIPTION

The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Networks Junos OS prior to 12.1X44-D60, 12.1X46 prior to 12.1X46-D45, 12.1X47 prior to 12.1X47-D30, 12.3 prior to 12.3R9, 12.3X48 prior to 12.3X48-D20, 13.2 Version 13.2 before R7, version 13.2X51 before 13.2X51-D40, version 13.3 before 13.3R6, version 14.1 before 14.1R4, version 14.2 before 14.2R2

Trust: 1.98

sources: NVD: CVE-2016-1270 // JVNDB: JVNDB-2016-002147 // BID: 86030 // VULHUB: VHN-90089

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:12.1x47

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:13.3

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:13.2x51

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:13.2

Trust: 1.0

vendor:junipermodel:junosscope:lteversion:12.1x44

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junos osscope:eqversion:13.3r6

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:13.2x51-d40

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48-d20

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.2

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x46

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:13.2r7

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:13.2x51

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x46-d45

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3x48

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3r9

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:13.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:13.3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x47-d30

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x47

Trust: 0.8

sources: JVNDB: JVNDB-2016-002147 // CNNVD: CNNVD-201604-296 // NVD: CVE-2016-1270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1270
value: HIGH

Trust: 1.0

NVD: CVE-2016-1270
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201604-296
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90089
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1270
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90089
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1270
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90089 // JVNDB: JVNDB-2016-002147 // CNNVD: CNNVD-201604-296 // NVD: CVE-2016-1270

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-90089 // JVNDB: JVNDB-2016-002147 // NVD: CVE-2016-1270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-296

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201604-296

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002147

PATCH
title:JSA10737url:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10737
Trust: 0.8
title:Juniper Networks Junos OS Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60956
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-002147 // 
            
            
            
            CNNVD: CNNVD-201604-296

EXTERNAL IDS
db:NVDid:CVE-2016-1270
Trust: 2.8
db:JUNIPERid:JSA10737
Trust: 2.0
db:JVNDBid:JVNDB-2016-002147
Trust: 0.8
db:CNNVDid:CNNVD-201604-296
Trust: 0.7
db:BIDid:86030
Trust: 0.4
db:VULHUBid:VHN-90089
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90089 // 
            
            
            
            BID: 86030 // 
            
            
            
            JVNDB: JVNDB-2016-002147 // 
            
            
            
            CNNVD: CNNVD-201604-296 // 
            
            
            
            NVD: CVE-2016-1270

REFERENCES
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10737
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1270
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1270
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10737&actp=rss
Trust: 0.3
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10737
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90089 // 
            
            
            
            BID: 86030 // 
            
            
            
            JVNDB: JVNDB-2016-002147 // 
            
            
            
            CNNVD: CNNVD-201604-296 // 
            
            
            
            NVD: CVE-2016-1270

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 86030

SOURCES
db:VULHUBid:VHN-90089
db:BIDid:86030
db:JVNDBid:JVNDB-2016-002147
db:CNNVDid:CNNVD-201604-296
db:NVDid:CVE-2016-1270

LAST UPDATE DATE
2025-04-13T23:09:38.488000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90089date:2016-04-20T00:00:00
db:BIDid:86030date:2016-04-13T00:00:00
db:JVNDBid:JVNDB-2016-002147date:2016-04-22T00:00:00
db:CNNVDid:CNNVD-201604-296date:2016-04-18T00:00:00
db:NVDid:CVE-2016-1270date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-90089date:2016-04-15T00:00:00
db:BIDid:86030date:2016-04-13T00:00:00
db:JVNDBid:JVNDB-2016-002147date:2016-04-22T00:00:00
db:CNNVDid:CNNVD-201604-296date:2016-04-14T00:00:00
db:NVDid:CVE-2016-1270date:2016-04-15T14:59:06.130