ID

VAR-201609-0026


CVE

CVE-2016-1277


TITLE

Juniper Junos OS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-004594

DESCRIPTION

Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, and 15.1X49 before 15.1X49-D40, when configured with a GRE or IPIP tunnel, allow remote attackers to cause a denial of service (kernel panic) via a crafted ICMP packet. Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause kernel panic, resulting in a denial-of-service condition. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos OS prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3X48 prior to 12.3X48-D30, 13.3 prior to 13.3R9, 14.1 prior to 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, 15.1X49 before 15.1X49-D40

Trust: 2.07

sources: NVD: CVE-2016-1277 // JVNDB: JVNDB-2016-004594 // BID: 91755 // VULHUB: VHN-90096 // VULMON: CVE-2016-1277

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:12.1x47

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:13.3

Trust: 1.3

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:lteversion:12.1x46

Trust: 1.0

vendor:junipermodel:junos osscope:eqversion:14.1r8

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x47-d40

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:13.3r9

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:13.3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r6

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3x48

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48-d30

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d40

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1f6 or 15.1r3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49-d40

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x47

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 0.6

vendor:junipermodel:junos 15.1x49-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r3-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos r2scope:eqversion:14.2

Trust: 0.3

vendor:junipermodel:junos r1scope:eqversion:14.2

Trust: 0.3

vendor:junipermodel:junos rscope:eqversion:14.2

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d30.3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d28scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d18scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d16scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r4-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3-s9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r7-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r4.6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r3-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r2-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r1.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r1.7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos r5scope:eqversion:13.3

Trust: 0.3

vendor:junipermodel:junos r4scope:eqversion:13.3

Trust: 0.3

vendor:junipermodel:junos r3scope:eqversion:13.3

Trust: 0.3

vendor:junipermodel:junos r2-s2scope:eqversion:13.3

Trust: 0.3

vendor:junipermodel:junos r2scope:eqversion:13.3

Trust: 0.3

vendor:junipermodel:junos r1scope:eqversion:13.3

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d11scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos d10scope:eqversion:12.1x47

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d36scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20.5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d40scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d40scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 13.3r9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d30scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d40scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d50scope:neversion: -

Trust: 0.3

sources: BID: 91755 // JVNDB: JVNDB-2016-004594 // CNNVD: CNNVD-201607-423 // NVD: CVE-2016-1277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1277
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1277
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201607-423
value: HIGH

Trust: 0.6

VULHUB: VHN-90096
value: HIGH

Trust: 0.1

VULMON: CVE-2016-1277
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1277
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90096
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1277
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90096 // VULMON: CVE-2016-1277 // JVNDB: JVNDB-2016-004594 // CNNVD: CNNVD-201607-423 // NVD: CVE-2016-1277

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-90096 // JVNDB: JVNDB-2016-004594 // NVD: CVE-2016-1277

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-423

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201607-423

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004594

PATCH

title:JSA10752url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10752&actp=search

Trust: 0.8

title:Juniper Junos Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62966

Trust: 0.6

title: - url:https://threatpost.com/juniper-crypto-bug-lets-attackers-eavesdrop-on-router-switch-traffic/119319/

Trust: 0.1

title: - url:https://www.theregister.co.uk/2016/07/14/junipers_bug_hunters_fire_out_eight_patches/

Trust: 0.1

sources: VULMON: CVE-2016-1277 // JVNDB: JVNDB-2016-004594 // CNNVD: CNNVD-201607-423

EXTERNAL IDS

db:NVDid:CVE-2016-1277

Trust: 2.9

db:BIDid:91755

Trust: 2.1

db:JUNIPERid:JSA10752

Trust: 2.1

db:SECTRACKid:1036306

Trust: 1.2

db:JVNDBid:JVNDB-2016-004594

Trust: 0.8

db:CNNVDid:CNNVD-201607-423

Trust: 0.7

db:VULHUBid:VHN-90096

Trust: 0.1

db:VULMONid:CVE-2016-1277

Trust: 0.1

sources: VULHUB: VHN-90096 // VULMON: CVE-2016-1277 // BID: 91755 // JVNDB: JVNDB-2016-004594 // CNNVD: CNNVD-201607-423 // NVD: CVE-2016-1277

REFERENCES

url:http://www.securityfocus.com/bid/91755

Trust: 1.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10752

Trust: 1.7

url:http://www.securitytracker.com/id/1036306

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1277

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1277

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://www.juniper.net/us/en/products-services/nos/junos/

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10752&cat=sirt_1&actp=list

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10752

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/juniper-junos-os-jsa10752

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=47146

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/juniper-crypto-bug-lets-attackers-eavesdrop-on-router-switch-traffic/119319/

Trust: 0.1

sources: VULHUB: VHN-90096 // VULMON: CVE-2016-1277 // BID: 91755 // JVNDB: JVNDB-2016-004594 // CNNVD: CNNVD-201607-423 // NVD: CVE-2016-1277

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 91755

SOURCES

db:VULHUBid:VHN-90096
db:VULMONid:CVE-2016-1277
db:BIDid:91755
db:JVNDBid:JVNDB-2016-004594
db:CNNVDid:CNNVD-201607-423
db:NVDid:CVE-2016-1277

LAST UPDATE DATE

2025-04-13T23:32:37.989000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-90096date:2017-09-01T00:00:00
db:VULMONid:CVE-2016-1277date:2017-09-01T00:00:00
db:BIDid:91755date:2016-07-13T00:00:00
db:JVNDBid:JVNDB-2016-004594date:2016-09-12T00:00:00
db:CNNVDid:CNNVD-201607-423date:2016-09-12T00:00:00
db:NVDid:CVE-2016-1277date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-90096date:2016-09-09T00:00:00
db:VULMONid:CVE-2016-1277date:2016-09-09T00:00:00
db:BIDid:91755date:2016-07-13T00:00:00
db:JVNDBid:JVNDB-2016-004594date:2016-09-12T00:00:00
db:CNNVDid:CNNVD-201607-423date:2016-07-15T00:00:00
db:NVDid:CVE-2016-1277date:2016-09-09T14:05:04.063