Sign-up

ID

VAR-201704-0735


CVE

CVE-2017-2315


TITLE

Juniper Networks EX Works with Series Ethernet Switch products Junos OS Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2017-003626

DESCRIPTION

On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability. Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to resource exhaustion and crash the affected device, denying service to legitimate users. Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK

Trust: 2.07

sources: NVD: CVE-2017-2315 // JVNDB: JVNDB-2017-003626 // BID: 97615 // VULHUB: VHN-110518 // VULMON: CVE-2017-2315

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:13.3

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x55

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 16.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r6.5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x55-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x55-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d28scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d18scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r4.6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r1.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r1.7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r9.4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r8.7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r6.6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r5.7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r4.6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r3.4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r2-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12.4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r11scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r10.2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 17.1r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos os 16.2r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.2r1-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r7-s6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r6-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x55-d35scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d40scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d12scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r8-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 13.3r10scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3r13scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12-s4scope:neversion: -

Trust: 0.3

sources: BID: 97615 // JVNDB: JVNDB-2017-003626 // CNNVD: CNNVD-201704-984 // NVD: CVE-2017-2315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2315
value: HIGH

Trust: 1.0

NVD: CVE-2017-2315
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-984
value: HIGH

Trust: 0.6

VULHUB: VHN-110518
value: HIGH

Trust: 0.1

VULMON: CVE-2017-2315
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2315
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-110518
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2315
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110518 // VULMON: CVE-2017-2315 // JVNDB: JVNDB-2017-003626 // CNNVD: CNNVD-201704-984 // NVD: CVE-2017-2315

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.1

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-110518 // JVNDB: JVNDB-2017-003626 // NVD: CVE-2017-2315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-984

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-984

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003626

PATCH
title:JSA10781url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10781&actp=METADATA
Trust: 0.8
title:Juniper Networks EX Series Ethernet Switchs Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69414
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-003626 // 
            
            
            
            CNNVD: CNNVD-201704-984

EXTERNAL IDS
db:NVDid:CVE-2017-2315
Trust: 2.9
db:JUNIPERid:JSA10781
Trust: 2.1
db:BIDid:97615
Trust: 2.1
db:SECTRACKid:1038253
Trust: 1.8
db:JVNDBid:JVNDB-2017-003626
Trust: 0.8
db:CNNVDid:CNNVD-201704-984
Trust: 0.7
db:VULHUBid:VHN-110518
Trust: 0.1
db:VULMONid:CVE-2017-2315
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110518 // 
            
            
            
            VULMON: CVE-2017-2315 // 
            
            
            
            BID: 97615 // 
            
            
            
            JVNDB: JVNDB-2017-003626 // 
            
            
            
            CNNVD: CNNVD-201704-984 // 
            
            
            
            NVD: CVE-2017-2315

REFERENCES
url:http://www.securityfocus.com/bid/97615
Trust: 1.8
url:https://kb.juniper.net/jsa10781
Trust: 1.8
url:http://www.securitytracker.com/id/1038253
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2315
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2315
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10781&cat=sirt_1&actp=list
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/772.html
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/juniper-junos-os-jsa10781
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110518 // 
            
            
            
            VULMON: CVE-2017-2315 // 
            
            
            
            BID: 97615 // 
            
            
            
            JVNDB: JVNDB-2017-003626 // 
            
            
            
            CNNVD: CNNVD-201704-984 // 
            
            
            
            NVD: CVE-2017-2315

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97615

SOURCES
db:VULHUBid:VHN-110518
db:VULMONid:CVE-2017-2315
db:BIDid:97615
db:JVNDBid:JVNDB-2017-003626
db:CNNVDid:CNNVD-201704-984
db:NVDid:CVE-2017-2315

LAST UPDATE DATE
2025-04-20T23:27:26.247000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110518date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-2315date:2019-10-03T00:00:00
db:BIDid:97615date:2017-04-18T01:05:00
db:JVNDBid:JVNDB-2017-003626date:2017-05-31T00:00:00
db:CNNVDid:CNNVD-201704-984date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2315date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-110518date:2017-04-24T00:00:00
db:VULMONid:CVE-2017-2315date:2017-04-24T00:00:00
db:BIDid:97615date:2017-04-12T00:00:00
db:JVNDBid:JVNDB-2017-003626date:2017-05-31T00:00:00
db:CNNVDid:CNNVD-201704-984date:2017-04-24T00:00:00
db:NVDid:CVE-2017-2315date:2017-04-24T15:59:00.237