Details of VAR-201704-0734

ID

VAR-201704-0734

CVE

CVE-2017-2313

TITLE

Juniper Networks Works with device products Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003625

DESCRIPTION

Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The affected Junos OS versions are: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D78, 15.1X49-D80; 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4; 16.2 prior to 16.2R1-S3, 16.2R2; Releases prior to Junos OS 15.1 are unaffected by this vulnerability. 17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability. Juniper Networks Works with device products Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) An attack may be carried out. Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash and restart the affected device, denying service to legitimate users. Junos OS in Juniper Networks devices has a security vulnerability

Trust: 1.98

sources: NVD: CVE-2017-2313 // JVNDB: JVNDB-2017-003625 // BID: 97606 // VULHUB: VHN-110516

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	16.1	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	16.2	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x53	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x49	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1	Trust: 0.3
vendor:	juniper	model:	junos os 17.2r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 17.1r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 16.2r2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 16.2r1-s3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 16.2r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 16.1r4	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 16.1r3-s3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 16.1r2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 16.1r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1x53-d70	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1x53-d63	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1x53-d230	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1x49-d80	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1x49-d78	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1r6	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1r5-s2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1r4-s7	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1f7	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1f6-s5	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1f5-s7	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 15.1f2-s15	scope:	ne	version:	-	Trust: 0.3

sources: BID: 97606 // JVNDB: JVNDB-2017-003625 // CNNVD: CNNVD-201704-990 // NVD: CVE-2017-2313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2313
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2313
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201704-990
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110516
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2313
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110516
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2313
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110516 // JVNDB: JVNDB-2017-003625 // CNNVD: CNNVD-201704-990 // NVD: CVE-2017-2313

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-110516 // JVNDB: JVNDB-2017-003625 // NVD: CVE-2017-2313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-990

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201704-990

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003625

PATCH

title:	JSA10778	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10778&actp=METADATA	Trust: 0.8
title:	Juniper Junos Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69415	Trust: 0.6

sources: JVNDB: JVNDB-2017-003625 // CNNVD: CNNVD-201704-990

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2313	Trust: 2.8
db:	JUNIPER	id:	JSA10778	Trust: 2.0
db:	BID	id:	97606	Trust: 2.0
db:	SECTRACK	id:	1038257	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-003625	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-990	Trust: 0.7
db:	VULHUB	id:	VHN-110516	Trust: 0.1

sources: VULHUB: VHN-110516 // BID: 97606 // JVNDB: JVNDB-2017-003625 // CNNVD: CNNVD-201704-990 // NVD: CVE-2017-2313

REFERENCES

url:	http://www.securityfocus.com/bid/97606	Trust: 1.7
url:	https://kb.juniper.net/jsa10778	Trust: 1.7
url:	http://www.securitytracker.com/id/1038257	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2313	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2313	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/us/en/products-services/nos/junos/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10778&cat=sirt_1&actp=list	Trust: 0.3

sources: VULHUB: VHN-110516 // BID: 97606 // JVNDB: JVNDB-2017-003625 // CNNVD: CNNVD-201704-990 // NVD: CVE-2017-2313

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97606

SOURCES

db:	VULHUB	id:	VHN-110516
db:	BID	id:	97606
db:	JVNDB	id:	JVNDB-2017-003625
db:	CNNVD	id:	CNNVD-201704-990
db:	NVD	id:	CVE-2017-2313

LAST UPDATE DATE

2025-04-20T23:32:14.283000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110516	date:	2017-07-11T00:00:00
db:	BID	id:	97606	date:	2017-04-18T01:05:00
db:	JVNDB	id:	JVNDB-2017-003625	date:	2017-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201704-990	date:	2017-04-25T00:00:00
db:	NVD	id:	CVE-2017-2313	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110516	date:	2017-04-24T00:00:00
db:	BID	id:	97606	date:	2017-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-003625	date:	2017-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201704-990	date:	2017-04-25T00:00:00
db:	NVD	id:	CVE-2017-2313	date:	2017-04-24T15:59:00.207