Sign-up

ID

VAR-201705-3366


CVE

CVE-2017-2302


TITLE

Juniper Networks Run on products and platforms Junos OS Data processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004632

DESCRIPTION

On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. A denial of service vulnerability exists in Juniper Networks Junos OS. The following versions are affected: 12.1X46 before 12.1X46-D55, 12.1X47 before 12.1X47-D45, 12.3R13 before 12.3R13, 12.3X48 before 12.3X48-D35, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.1X55 before 14.1X55-D35, 14.2 before 14.2R6, 15.1 before 15.1F2 or 15.1R1, 15.1X49-D20 15.1X49 version

Trust: 1.98

sources: NVD: CVE-2017-2302 // JVNDB: JVNDB-2017-004632 // BID: 95394 // VULHUB: VHN-110505

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x55

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.1x47

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:13.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junosscope:eqversion:13.3r9

Trust: 0.6

vendor:junipermodel:junosscope:eqversion:15.1r1

Trust: 0.6

vendor:junipermodel:junosscope:eqversion:12.3r12

Trust: 0.6

vendor:junipermodel:junosscope:eqversion:14.2r5

Trust: 0.6

vendor:junipermodel:junosscope:eqversion:14.1r7

Trust: 0.6

vendor:junipermodel:junos 15.1x49-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x55-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x55-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d28scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d18scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d16scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r9scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r11scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d23scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d11scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d51scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d46scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d37scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d36scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d20scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x55-d35scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d40scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 13.3r10scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d35scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3r13scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d45scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d55scope:neversion: -

Trust: 0.3

sources: BID: 95394 // JVNDB: JVNDB-2017-004632 // CNNVD: CNNVD-201701-321 // NVD: CVE-2017-2302

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2302
value: HIGH

Trust: 1.0

NVD: CVE-2017-2302
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201701-321
value: HIGH

Trust: 0.6

VULHUB: VHN-110505
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2302
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110505
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2302
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110505 // JVNDB: JVNDB-2017-004632 // CNNVD: CNNVD-201701-321 // NVD: CVE-2017-2302

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-19

Trust: 0.9

sources: VULHUB: VHN-110505 // JVNDB: JVNDB-2017-004632 // NVD: CVE-2017-2302

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-321

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201701-321

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004632

PATCH
title:JSA10771url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10771&actp=METADATA
Trust: 0.8
title:Juniper Junos Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66983
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-004632 // 
            
            
            
            CNNVD: CNNVD-201701-321

EXTERNAL IDS
db:NVDid:CVE-2017-2302
Trust: 2.8
db:BIDid:95394
Trust: 2.0
db:JUNIPERid:JSA10771
Trust: 2.0
db:SECTRACKid:1037595
Trust: 1.7
db:JVNDBid:JVNDB-2017-004632
Trust: 0.8
db:CNNVDid:CNNVD-201701-321
Trust: 0.7
db:VULHUBid:VHN-110505
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110505 // 
            
            
            
            BID: 95394 // 
            
            
            
            JVNDB: JVNDB-2017-004632 // 
            
            
            
            CNNVD: CNNVD-201701-321 // 
            
            
            
            NVD: CVE-2017-2302

REFERENCES
url:http://www.securityfocus.com/bid/95394
Trust: 2.3
url:https://kb.juniper.net/jsa10771
Trust: 1.7
url:http://www.securitytracker.com/id/1037595
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2302
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2302
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10771&actp=rss
Trust: 0.3
sources:
            
            
            VULHUB: VHN-110505 // 
            
            
            
            BID: 95394 // 
            
            
            
            JVNDB: JVNDB-2017-004632 // 
            
            
            
            CNNVD: CNNVD-201701-321 // 
            
            
            
            NVD: CVE-2017-2302

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 95394

SOURCES
db:VULHUBid:VHN-110505
db:BIDid:95394
db:JVNDBid:JVNDB-2017-004632
db:CNNVDid:CNNVD-201701-321
db:NVDid:CVE-2017-2302

LAST UPDATE DATE
2025-04-20T23:22:22.457000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110505date:2019-10-03T00:00:00
db:BIDid:95394date:2017-01-23T00:05:00
db:JVNDBid:JVNDB-2017-004632date:2017-07-03T00:00:00
db:CNNVDid:CNNVD-201701-321date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2302date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-110505date:2017-05-30T00:00:00
db:BIDid:95394date:2017-01-11T00:00:00
db:JVNDBid:JVNDB-2017-004632date:2017-07-03T00:00:00
db:CNNVDid:CNNVD-201701-321date:2017-01-13T00:00:00
db:NVDid:CVE-2017-2302date:2017-05-30T14:29:00.707