Sign-up

ID

VAR-201704-0755


CVE

CVE-2017-2340


TITLE

Juniper Networks Junos OS Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-003646 // CNNVD: CNNVD-201704-988

DESCRIPTION

On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash. Juniper Networks Junos OS Contains an input validation vulnerability.Service operation interruption (DoS) An attack may be carried out. Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash and hang the affected device, denying service to legitimate users. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK

Trust: 1.98

sources: NVD: CVE-2017-2340 // JVNDB: JVNDB-2017-003646 // BID: 97607 // VULHUB: VHN-110543

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.6

vendor:junipermodel:junos osscope:eqversion:15.1r3 to 15.1r4

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r3

Trust: 0.8

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 0.3

vendor:junipermodel:junos 16.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.2r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5scope:neversion: -

Trust: 0.3

sources: BID: 97607 // JVNDB: JVNDB-2017-003646 // CNNVD: CNNVD-201704-988 // NVD: CVE-2017-2340

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2340
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2340
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201704-988
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110543
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2340
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110543
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2340
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110543 // JVNDB: JVNDB-2017-003646 // CNNVD: CNNVD-201704-988 // NVD: CVE-2017-2340

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-110543 // JVNDB: JVNDB-2017-003646 // NVD: CVE-2017-2340

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-988

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201704-988

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003646

PATCH
title:JSA10786url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10786&actp=METADATA
Trust: 0.8
title:Juniper Networks Junos OS Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70255
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-003646 // 
            
            
            
            CNNVD: CNNVD-201704-988

EXTERNAL IDS
db:NVDid:CVE-2017-2340
Trust: 2.8
db:BIDid:97607
Trust: 2.0
db:JUNIPERid:JSA10786
Trust: 2.0
db:SECTRACKid:1038254
Trust: 1.1
db:JVNDBid:JVNDB-2017-003646
Trust: 0.8
db:CNNVDid:CNNVD-201704-988
Trust: 0.7
db:VULHUBid:VHN-110543
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110543 // 
            
            
            
            BID: 97607 // 
            
            
            
            JVNDB: JVNDB-2017-003646 // 
            
            
            
            CNNVD: CNNVD-201704-988 // 
            
            
            
            NVD: CVE-2017-2340

REFERENCES
url:http://www.securityfocus.com/bid/97607
Trust: 1.7
url:https://kb.juniper.net/jsa10786
Trust: 1.7
url:http://www.securitytracker.com/id/1038254
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2340
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2340
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10786&cat=sirt_1&actp=list
Trust: 0.3
sources:
            
            
            VULHUB: VHN-110543 // 
            
            
            
            BID: 97607 // 
            
            
            
            JVNDB: JVNDB-2017-003646 // 
            
            
            
            CNNVD: CNNVD-201704-988 // 
            
            
            
            NVD: CVE-2017-2340

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97607

SOURCES
db:VULHUBid:VHN-110543
db:BIDid:97607
db:JVNDBid:JVNDB-2017-003646
db:CNNVDid:CNNVD-201704-988
db:NVDid:CVE-2017-2340

LAST UPDATE DATE
2025-04-20T23:32:59.383000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110543date:2017-07-11T00:00:00
db:BIDid:97607date:2017-04-18T00:05:00
db:JVNDBid:JVNDB-2017-003646date:2017-06-01T00:00:00
db:CNNVDid:CNNVD-201704-988date:2017-05-16T00:00:00
db:NVDid:CVE-2017-2340date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-110543date:2017-04-24T00:00:00
db:BIDid:97607date:2017-04-12T00:00:00
db:JVNDBid:JVNDB-2017-003646date:2017-06-01T00:00:00
db:CNNVDid:CNNVD-201704-988date:2017-04-12T00:00:00
db:NVDid:CVE-2017-2340date:2017-04-24T15:59:00.847