5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
61.9%
Junos OS is prone of a denial of service vulnerability
in RPD.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/o:juniper:junos";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106067");
script_version("2023-07-21T05:05:22+0000");
script_tag(name:"last_modification", value:"2023-07-21 05:05:22 +0000 (Fri, 21 Jul 2023)");
script_tag(name:"creation_date", value:"2016-05-04 23:16:03 +0200 (Wed, 04 May 2016)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2016-04-20 19:19:00 +0000 (Wed, 20 Apr 2016)");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_cve_id("CVE-2016-1270");
script_name("Juniper Networks Junos OS RPD BGP Update DoS Vulnerability");
script_category(ACT_GATHER_INFO);
script_family("JunOS Local Security Checks");
script_copyright("Copyright (C) 2016 Greenbone AG");
script_dependencies("gb_juniper_junos_consolidation.nasl");
script_mandatory_keys("juniper/junos/detected");
script_tag(name:"summary", value:"Junos OS is prone of a denial of service vulnerability
in RPD.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");
script_tag(name:"insight", value:"Upon receipt of a specially crafted BGP 'family l2vpn'
UPDATE message, the Junos OS rpd daemon will crash and restart.
This issue only affects BGP based L2VPN and VPLS configurations. No other configurations are
affected. The issue is not applicable to BGP Route Reflectors (RR).
Note that this issue can only be triggered from inside a customer's network. MPLS labels are
not usually exchanged outside the protected network, and are usually only received from a
PE or RR in the same network.");
script_tag(name:"impact", value:"Receipt of a constant stream of crafted BGP updates could
lead to an extended denial of service.");
script_tag(name:"affected", value:"Junos OS 12.1, 12.3, 13.2, 13.3, 14.1 and 14.2");
script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper.");
script_xref(name:"URL", value:"http://kb.juniper.net/JSA10737");
exit(0);
}
include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");
if (!version = get_app_version(cpe: CPE, nofork: TRUE))
exit(0);
if (version =~ "^12") {
if (revcomp(a: version, b: "12.1X44-D60") < 0) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.1X44-D60");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "12.1X46-D45") < 0) &&
(revcomp(a: version, b: "12.1X46") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.1X46-D45");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "12.1X47-D30") < 0) &&
(revcomp(a: version, b: "12.1X47") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.1X47-D30");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "12.3R9") < 0) &&
(revcomp(a: version, b: "12.3") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.3R9");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "12.3X48-D20") < 0) &&
(revcomp(a: version, b: "12.3X48") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.3X48-D20");
security_message(port: 0, data: report);
exit(0);
}
}
if (version =~ "^13") {
if (revcomp(a: version, b: "13.2R7") < 0) {
report = report_fixed_ver(installed_version: version, fixed_version: "13.2R7");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "13.2X51-D40") < 0) &&
(revcomp(a: version, b: "13.2X51") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "13.2X51-D40");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "13.3R6") < 0) &&
(revcomp(a: version, b: "13.3") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "13.3R6");
security_message(port: 0, data: report);
exit(0);
}
}
if (version =~ "^14") {
if (revcomp(a: version, b: "14.1R4") < 0) {
report = report_fixed_ver(installed_version: version, fixed_version: "14.1R4");
security_message(port: 0, data: report);
exit(0);
}
else if ((revcomp(a: version, b: "14.2R2") < 0) &&
(revcomp(a: version, b: "14.2") >= 0)) {
report = report_fixed_ver(installed_version: version, fixed_version: "14.2R2");
security_message(port: 0, data: report);
exit(0);
}
}
exit(99);
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
61.9%