Lucene search

[email protected]CVE-2017-10610

HistoryOct 13, 2017 - 5:29 p.m.

CVE-2017-10610

2017-10-1317:29:00

CWE-20

[email protected]

web.nvd.nist.gov

srx series

nat64

ipv6

ipv4

flowd process

denial of service

juniper networks

junos os

cve-2017-10610

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

46.0%

JSON

On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitutes an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D71, 12.3X48 prior to 12.3X48-D55, 15.1X49 prior to 15.1X49-D100 on SRX Series. No other Juniper Networks products or platforms are affected by this issue.

Affected configurations

NVD

Node

juniperjunosMatch12.1x46

juniperjunosMatch12.1x46d10

juniperjunosMatch12.1x46d15

juniperjunosMatch12.1x46d20

juniperjunosMatch12.1x46d25

juniperjunosMatch12.1x46d30

juniperjunosMatch12.1x46d35

juniperjunosMatch12.1x46d40

juniperjunosMatch12.1x46d45

juniperjunosMatch12.1x46d50

juniperjunosMatch12.1x46d55

AND

junipersrx_seriesMatch-

Node

juniperjunosMatch12.3x48d10

juniperjunosMatch12.3x48d15

juniperjunosMatch12.3x48d20

juniperjunosMatch12.3x48d25

juniperjunosMatch12.3x48d30

juniperjunosMatch12.3x48d35

juniperjunosMatch12.3x48d40

juniperjunosMatch12.3x48d45

juniperjunosMatch12.3x48d50

AND

junipersrx_seriesMatch-

Node

juniperjunosMatch15.1x49d10

juniperjunosMatch15.1x49d20

juniperjunosMatch15.1x49d30

juniperjunosMatch15.1x49d35

juniperjunosMatch15.1x49d40

juniperjunosMatch15.1x49d45

juniperjunosMatch15.1x49d50

juniperjunosMatch15.1x49d55

juniperjunosMatch15.1x49d60

juniperjunosMatch15.1x49d65

juniperjunosMatch15.1x49d70

juniperjunosMatch15.1x49d75

juniperjunosMatch15.1x49d80

juniperjunosMatch15.1x49d90

AND

junipersrx_seriesMatch-

CPENameOperatorVersion
juniper:junosjuniper junoseq12.1x46

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	12.1x46

CNA Affected

[
  {
    "platforms": [
      "SRX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "12.1X46 prior to 12.1X46-D71"
      },
      {
        "status": "affected",
        "version": "12.3X48 prior to 12.3X48-D55"
      },
      {
        "status": "affected",
        "version": "15.1X49 prior to 15.1X49-D100"
      }
    ]
  }
]

References

kb.juniper.net/JSA10813

www.juniper.net/documentation/en_US/junos/topics/task/configuration/nat-stateful-nat64-configuring.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

46.0%

JSON

Related for CVE-2017-10610

prion1 cvelist1 nessus1 nvd1