Sign-up

ID

VAR-201707-0296


CVE

CVE-2017-2344


TITLE

Junos OS Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006938

DESCRIPTION

A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. No other Juniper Networks products or platforms are affected by this issue. Junos OS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a local buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of the application or gain elevated privileges. Failed exploits may result in denial-of-service conditions. The operating system provides a secure programming interface and Junos SDK

Trust: 1.98

sources: NVD: CVE-2017-2344 // JVNDB: JVNDB-2017-006938 // BID: 99556 // VULHUB: VHN-110547

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2x75

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x50

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:13.3

Trust: 1.0

vendor:junipermodel:junos osscope: - version: -

Trust: 0.8

vendor:junipermodel:junos 16.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d70scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r4-s7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s16scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s14scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r7-s6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d28scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d18scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d16scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r8-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r10-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d66scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d65scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d60scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d51scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d46scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d37scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d36scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 17.3r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.2r1-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 17.1r1-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.2r2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r5scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r4-s3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 16.1r3-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d70scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d64scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d57scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d48scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d47scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x53-d231scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d100scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r6-s1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r5-s5scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r4-s8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1f6-s7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1f2-s18scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r7-s7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d50scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d45scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1x53-d122scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r8-s4scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r2-s10scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 13.3r10-s2scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d55scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d51scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d67scope:neversion: -

Trust: 0.3

sources: BID: 99556 // JVNDB: JVNDB-2017-006938 // CNNVD: CNNVD-201707-598 // NVD: CVE-2017-2344

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2344
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-2344
value: HIGH

Trust: 1.0

NVD: CVE-2017-2344
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-598
value: HIGH

Trust: 0.6

VULHUB: VHN-110547
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2344
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110547
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2344
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-110547 // JVNDB: JVNDB-2017-006938 // CNNVD: CNNVD-201707-598 // NVD: CVE-2017-2344 // NVD: CVE-2017-2344

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-110547 // JVNDB: JVNDB-2017-006938 // NVD: CVE-2017-2344

THREAT TYPE

local

Trust: 0.9

sources: BID: 99556 // CNNVD: CNNVD-201707-598

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201707-598

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006938

PATCH
title:JSA10792url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10792&actp=METADATA
Trust: 0.8
title:Juniper Junos Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71713
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-006938 // 
            
            
            
            CNNVD: CNNVD-201707-598

EXTERNAL IDS
db:NVDid:CVE-2017-2344
Trust: 2.8
db:BIDid:99556
Trust: 2.0
db:JUNIPERid:JSA10792
Trust: 2.0
db:SECTRACKid:1038896
Trust: 1.7
db:JVNDBid:JVNDB-2017-006938
Trust: 0.8
db:CNNVDid:CNNVD-201707-598
Trust: 0.7
db:VULHUBid:VHN-110547
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110547 // 
            
            
            
            BID: 99556 // 
            
            
            
            JVNDB: JVNDB-2017-006938 // 
            
            
            
            CNNVD: CNNVD-201707-598 // 
            
            
            
            NVD: CVE-2017-2344

REFERENCES
url:http://www.securityfocus.com/bid/99556
Trust: 1.7
url:https://kb.juniper.net/jsa10792
Trust: 1.7
url:http://www.securitytracker.com/id/1038896
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2344
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2344
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://www.juniper.net/us/en/products-services/nos/junos/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10792&actp=rss
Trust: 0.3
sources:
            
            
            VULHUB: VHN-110547 // 
            
            
            
            BID: 99556 // 
            
            
            
            JVNDB: JVNDB-2017-006938 // 
            
            
            
            CNNVD: CNNVD-201707-598 // 
            
            
            
            NVD: CVE-2017-2344

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 99556

SOURCES
db:VULHUBid:VHN-110547
db:BIDid:99556
db:JVNDBid:JVNDB-2017-006938
db:CNNVDid:CNNVD-201707-598
db:NVDid:CVE-2017-2344

LAST UPDATE DATE
2024-11-23T22:49:01.465000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110547date:2019-10-09T00:00:00
db:BIDid:99556date:2017-07-13T00:00:00
db:JVNDBid:JVNDB-2017-006938date:2017-09-07T00:00:00
db:CNNVDid:CNNVD-201707-598date:2019-10-17T00:00:00
db:NVDid:CVE-2017-2344date:2024-11-21T03:23:19.807

SOURCES RELEASE DATE
db:VULHUBid:VHN-110547date:2017-07-17T00:00:00
db:BIDid:99556date:2017-07-13T00:00:00
db:JVNDBid:JVNDB-2017-006938date:2017-09-07T00:00:00
db:CNNVDid:CNNVD-201707-598date:2017-07-14T00:00:00
db:NVDid:CVE-2017-2344date:2017-07-17T13:18:24.360