Details of VAR-201705-3368

ID

VAR-201705-3368

CVE

CVE-2017-2304

TITLE

plural Juniper Networks Run on device Junos OS Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-004634

DESCRIPTION

Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'. plural Juniper Networks Run on device Junos OS Contains an information disclosure vulnerability.Information may be obtained. Juniper Networks QFX3500 and other are Juniper Networks' switch products. Information obtained will aid in further attacks. Junos OS 14.1X53-D40, 15.1X53-D40, 15.1R2 and later fixes the issue. Attackers can exploit this vulnerability to obtain Etherleak memory

Trust: 2.52

sources: NVD: CVE-2017-2304 // JVNDB: JVNDB-2017-004634 // CNVD: CNVD-2017-00554 // BID: 95403 // VULHUB: VHN-110507

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-00554

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	15.1x53	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	networks qfx5200	scope:	eq	version:	0	Trust: 0.6
vendor:	juniper	model:	networks qfx5100	scope:	eq	version:	0	Trust: 0.6
vendor:	juniper	model:	networks qfx3600	scope:	eq	version:	0	Trust: 0.6
vendor:	juniper	model:	networks qfx3500	scope:	eq	version:	0	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1x53-d35	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1x53-d30	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1x53-d20	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1r1	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1f6	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1f5-s2	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1f5	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1f4-s2	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1f4	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1f3	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1f2-s5	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1f2-s2	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1f2	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1f1	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 15.1a2	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 14.1x53-d35	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 14.1x53-d30.3	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 14.1x53-d30	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 14.1x53-d28	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks junos 14.1x53-d26	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks ex4600	scope:	eq	version:	0	Trust: 0.6
vendor:	juniper	model:	networks ex4300	scope:	eq	version:	0	Trust: 0.6
vendor:	juniper	model:	junos	scope:	eq	version:	15.1r1	Trust: 0.6
vendor:	juniper	model:	qfx5200	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	qfx5100	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	qfx3600	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	qfx3500	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d35	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1f6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1f5-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1f5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1f4-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1f4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1f3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1f2-s5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1f2-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1f2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1f1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1a2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d35	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d30.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d28	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d26	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d18	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d16	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d12	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	ex4600	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	ex4300	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	junos 15.1x53-d40	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1r2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d40	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2017-00554 // BID: 95403 // JVNDB: JVNDB-2017-004634 // CNNVD: CNNVD-201701-317 // NVD: CVE-2017-2304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2304
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2304
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-00554
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201701-317
value:	HIGH
Trust: 0.6
VULHUB:	VHN-110507
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2304
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-00554
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-110507
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2304
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-00554 // VULHUB: VHN-110507 // JVNDB: JVNDB-2017-004634 // CNNVD: CNNVD-201701-317 // NVD: CVE-2017-2304

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-110507 // JVNDB: JVNDB-2017-004634 // NVD: CVE-2017-2304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-317

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201701-317

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004634

PATCH

title:	JSA10773	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10773&actp=METADATA	Trust: 0.8
title:	Patches for multiple Juniper product information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/88107	Trust: 0.6
title:	Multiple Juniper Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66979	Trust: 0.6

sources: CNVD: CNVD-2017-00554 // JVNDB: JVNDB-2017-004634 // CNNVD: CNNVD-201701-317

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2304	Trust: 3.4
db:	BID	id:	95403	Trust: 2.6
db:	JUNIPER	id:	JSA10773	Trust: 2.0
db:	SECTRACK	id:	1037593	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-004634	Trust: 0.8
db:	CNNVD	id:	CNNVD-201701-317	Trust: 0.7
db:	CNVD	id:	CNVD-2017-00554	Trust: 0.6
db:	VULHUB	id:	VHN-110507	Trust: 0.1

sources: CNVD: CNVD-2017-00554 // VULHUB: VHN-110507 // BID: 95403 // JVNDB: JVNDB-2017-004634 // CNNVD: CNNVD-201701-317 // NVD: CVE-2017-2304

REFERENCES

url:	http://www.securityfocus.com/bid/95403	Trust: 2.3
url:	https://kb.juniper.net/jsa10773	Trust: 1.7
url:	http://www.securitytracker.com/id/1037593	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2304	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2304	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10773&actp=rss	Trust: 0.3

sources: CNVD: CNVD-2017-00554 // VULHUB: VHN-110507 // BID: 95403 // JVNDB: JVNDB-2017-004634 // CNNVD: CNNVD-201701-317 // NVD: CVE-2017-2304

CREDITS

Juniper Networks

Trust: 0.9

sources: BID: 95403 // CNNVD: CNNVD-201701-317

SOURCES

db:	CNVD	id:	CNVD-2017-00554
db:	VULHUB	id:	VHN-110507
db:	BID	id:	95403
db:	JVNDB	id:	JVNDB-2017-004634
db:	CNNVD	id:	CNNVD-201701-317
db:	NVD	id:	CVE-2017-2304

LAST UPDATE DATE

2024-11-23T22:56:13.579000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-00554	date:	2017-01-18T00:00:00
db:	VULHUB	id:	VHN-110507	date:	2019-05-10T00:00:00
db:	BID	id:	95403	date:	2017-01-23T02:05:00
db:	JVNDB	id:	JVNDB-2017-004634	date:	2017-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201701-317	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2017-2304	date:	2024-11-21T03:23:14.847

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-00554	date:	2017-01-18T00:00:00
db:	VULHUB	id:	VHN-110507	date:	2017-05-30T00:00:00
db:	BID	id:	95403	date:	2017-01-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-004634	date:	2017-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201701-317	date:	2017-01-13T00:00:00
db:	NVD	id:	CVE-2017-2304	date:	2017-05-30T14:29:00.847