Sign-up

ID

VAR-201710-0044


CVE

CVE-2016-4925


TITLE

JUNOSe Data processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008837

DESCRIPTION

Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on line card resets and lead to an extended service outage. This issue only affects E Series routers with IPv6 licensed and enabled. Routers not configured to process IPv6 traffic are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. JUNOSe Contains a data processing vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition. Juniper E Series routers is a router device of Juniper Networks (Juniper Networks)

Trust: 1.98

sources: NVD: CVE-2016-4925 // JVNDB: JVNDB-2016-008837 // BID: 93533 // VULHUB: VHN-93744

AFFECTED PRODUCTS

vendor:junipermodel:junosescope:gteversion:14.3.0

Trust: 1.0

vendor:junipermodel:junosescope:lteversion:14.3.1

Trust: 1.0

vendor:junipermodel:junosescope:lteversion:13.3.3

Trust: 1.0

vendor:junipermodel:junosescope:lteversion:10.3.3

Trust: 1.0

vendor:junipermodel:junosescope:gteversion:10.3

Trust: 1.0

vendor:junipermodel:junosescope:lteversion:12.3.3

Trust: 1.0

vendor:junipermodel:junosescope:gteversion:12.3.0

Trust: 1.0

vendor:junipermodel:junosescope:gteversion:13.3.0

Trust: 1.0

vendor:junipermodel:junosescope: - version: -

Trust: 0.8

vendor:junipermodel:junosescope:eqversion:10.3.3

Trust: 0.6

vendor:junipermodel:junosescope:eqversion:14.3.1

Trust: 0.6

vendor:junipermodel:junosescope:eqversion:12.3.3

Trust: 0.6

vendor:junipermodel:junosescope:eqversion:13.3.3

Trust: 0.6

vendor:junipermodel:junosescope:eqversion:0

Trust: 0.3

vendor:junipermodel:junosescope:neversion:15.1

Trust: 0.3

vendor:junipermodel:junosescope:neversion:14.3.2

Trust: 0.3

vendor:junipermodel:junose 13.3.3p0-1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junose 12.3.3p0-6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junose 10.3.3p0-15scope:neversion: -

Trust: 0.3

sources: BID: 93533 // JVNDB: JVNDB-2016-008837 // CNNVD: CNNVD-201710-521 // NVD: CVE-2016-4925

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4925
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2016-4925
value: HIGH

Trust: 1.0

NVD: CVE-2016-4925
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-521
value: HIGH

Trust: 0.6

VULHUB: VHN-93744
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4925
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93744
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4925
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-93744 // JVNDB: JVNDB-2016-008837 // CNNVD: CNNVD-201710-521 // NVD: CVE-2016-4925 // NVD: CVE-2016-4925

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.9

sources: VULHUB: VHN-93744 // JVNDB: JVNDB-2016-008837 // NVD: CVE-2016-4925

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-521

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201710-521

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008837

PATCH
title:JSA10767url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10767&actp=METADATA
Trust: 0.8
title:Juniper E Series Repair measures for router security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75557
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008837 // 
            
            
            
            CNNVD: CNNVD-201710-521

EXTERNAL IDS
db:NVDid:CVE-2016-4925
Trust: 2.8
db:JUNIPERid:JSA10767
Trust: 2.0
db:BIDid:93533
Trust: 2.0
db:SECTRACKid:1037012
Trust: 1.7
db:JVNDBid:JVNDB-2016-008837
Trust: 0.8
db:CNNVDid:CNNVD-201710-521
Trust: 0.7
db:VULHUBid:VHN-93744
Trust: 0.1
sources:
            
            
            VULHUB: VHN-93744 // 
            
            
            
            BID: 93533 // 
            
            
            
            JVNDB: JVNDB-2016-008837 // 
            
            
            
            CNNVD: CNNVD-201710-521 // 
            
            
            
            NVD: CVE-2016-4925

REFERENCES
url:http://www.securityfocus.com/bid/93533
Trust: 1.7
url:https://kb.juniper.net/jsa10767
Trust: 1.7
url:http://www.securitytracker.com/id/1037012
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4925
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-4925
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10767&cat=sirt_1&actp=list
Trust: 0.3
sources:
            
            
            VULHUB: VHN-93744 // 
            
            
            
            BID: 93533 // 
            
            
            
            JVNDB: JVNDB-2016-008837 // 
            
            
            
            CNNVD: CNNVD-201710-521 // 
            
            
            
            NVD: CVE-2016-4925

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 93533

SOURCES
db:VULHUBid:VHN-93744
db:BIDid:93533
db:JVNDBid:JVNDB-2016-008837
db:CNNVDid:CNNVD-201710-521
db:NVDid:CVE-2016-4925

LAST UPDATE DATE
2025-04-20T23:19:50.154000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-93744date:2019-10-09T00:00:00
db:BIDid:93533date:2016-10-26T11:05:00
db:JVNDBid:JVNDB-2016-008837date:2017-11-06T00:00:00
db:CNNVDid:CNNVD-201710-521date:2019-07-17T00:00:00
db:NVDid:CVE-2016-4925date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-93744date:2017-10-13T00:00:00
db:BIDid:93533date:2016-10-12T00:00:00
db:JVNDBid:JVNDB-2016-008837date:2017-11-06T00:00:00
db:CNNVDid:CNNVD-201710-521date:2017-10-18T00:00:00
db:NVDid:CVE-2016-4925date:2017-10-13T17:29:00.427