Lucene search

K
cve[email protected]CVE-2017-2315
HistoryApr 24, 2017 - 3:59 p.m.

CVE-2017-2315

2017-04-2415:59:00
CWE-772
web.nvd.nist.gov
28
juniper networks
ex series
ethernet switches
vulnerability
ipv6
memory leak
nvd
cve-2017-2315

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

70.6%

On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability.

Affected configurations

NVD
Node
juniperjunosMatch12.3r1
OR
juniperjunosMatch12.3r10
OR
juniperjunosMatch12.3r11
OR
juniperjunosMatch12.3r12
OR
juniperjunosMatch12.3r13
OR
juniperjunosMatch12.3r2
OR
juniperjunosMatch12.3r3
OR
juniperjunosMatch12.3r4
OR
juniperjunosMatch12.3r5
OR
juniperjunosMatch12.3r6
OR
juniperjunosMatch12.3r7
OR
juniperjunosMatch12.3r8
OR
juniperjunosMatch12.3r9
OR
juniperjunosMatch13.3r1
OR
juniperjunosMatch13.3r2
OR
juniperjunosMatch13.3r3
OR
juniperjunosMatch13.3r4
OR
juniperjunosMatch13.3r5
OR
juniperjunosMatch13.3r6
OR
juniperjunosMatch13.3r7
OR
juniperjunosMatch13.3r8
OR
juniperjunosMatch13.3r9
OR
juniperjunosMatch14.1r1
OR
juniperjunosMatch14.1r2
OR
juniperjunosMatch14.1r3
OR
juniperjunosMatch14.1r4
OR
juniperjunosMatch14.1r5
OR
juniperjunosMatch14.1r6
OR
juniperjunosMatch14.1r7
OR
juniperjunosMatch14.1r9
OR
juniperjunosMatch14.1x53d10
OR
juniperjunosMatch14.1x53d40
OR
juniperjunosMatch14.1x55d35
OR
juniperjunosMatch14.2r1
OR
juniperjunosMatch14.2r2
OR
juniperjunosMatch14.2r3
OR
juniperjunosMatch14.2r4
OR
juniperjunosMatch14.2r5
OR
juniperjunosMatch14.2r7
OR
juniperjunosMatch14.2r8
OR
juniperjunosMatch15.1r1
OR
juniperjunosMatch15.1r2
OR
juniperjunosMatch15.1r3
OR
juniperjunosMatch15.1r4
OR
juniperjunosMatch16.1r1
OR
juniperjunosMatch16.2r2
OR
juniperjunosMatch17.1r1

CNA Affected

[
  {
    "product": "Junos OS on EX series Ethernet Switches with IPv6 enabled",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "12.3 prior to 12.3R12-S4, 12.3R13"
      },
      {
        "status": "affected",
        "version": "13.3 prior to 13.3R10"
      },
      {
        "status": "affected",
        "version": "14.1 prior to 14.1R8-S3, 14.1R9"
      },
      {
        "status": "affected",
        "version": "14.1X53 prior ro 14.1X53-D12, 14.1X53-D40"
      },
      {
        "status": "affected",
        "version": " 14.1X55 prior to 14.1X55-D35"
      },
      {
        "status": "affected",
        "version": "14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8"
      },
      {
        "status": "affected",
        "version": "15.1 prior to 15.1R5"
      },
      {
        "status": "affected",
        "version": "16.1 before 16.1R3"
      },
      {
        "status": "affected",
        "version": "16.2 before 16.2R1-S3, 16.2R2"
      },
      {
        "status": "affected",
        "version": "17.1R1 and all subsequent releases have a resolution for this vulnerability"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

70.6%

Related for CVE-2017-2315