Lucene search

K
cve[email protected]CVE-2017-2340
HistoryApr 24, 2017 - 3:59 p.m.

CVE-2017-2340

2017-04-2415:59:00
CWE-20
web.nvd.nist.gov
27
juniper networks
junos os
15.1
16.1r3
dhcpv6
subscriber management
vulnerability
nvd
cve-2017-2340

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

65.0%

On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash.

Affected configurations

NVD
Node
juniperjunosMatch15.1r3
OR
juniperjunosMatch15.1r4
OR
juniperjunosMatch16.1r1
OR
juniperjunosMatch16.1r2

CNA Affected

[
  {
    "product": "Junos OS on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "15.1 releases from 15.1R3 to 15.1R4"
      },
      {
        "status": "affected",
        "version": "16.1 prior to 16.1R3"
      },
      {
        "status": "affected",
        "version": "16.2R1 and all subsequent releases have a resolution for this vulnerability"
      },
      {
        "status": "affected",
        "version": "All releases prior to 15.1R3 are not affected."
      }
    ]
  }
]

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

65.0%

Related for CVE-2017-2340