Sign-up

ID

VAR-201707-0300


CVE

CVE-2017-2348


TITLE

Juniper Networks Junos OS Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2017-006977

DESCRIPTION

The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D12, 14.1X53-D38, 14.1X53-D40 on QFX, EX, QFabric System; 15.1 prior to 15.1F2-S18, 15.1R4 on all products and platforms; 15.1X49 prior to 15.1X49-D80 on SRX; 15.1X53 prior to 15.1X53-D51, 15.1X53-D60 on NFX, QFX, EX. Juniper Networks Junos OS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos OS. A remote attacker can exploit this vulnerability to consume a large amount of CPU resources or cause the jdhcpd service to crash. The following releases are affected: Junos OS Release 14.1X53, Release 15.1, Release 15.1X49, Release 15.1X53

Trust: 1.71

sources: NVD: CVE-2017-2348 // JVNDB: JVNDB-2017-006977 // VULHUB: VHN-110551

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junos osscope:ltversion:15.1x53 (nfx/qfx/ex)

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1x53 (qfx/ex/qfabric system )

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49-d80

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d40 (qfx/ex/qfabric system )

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d51

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d60 (nfx/qfx/ex)

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1 ( all products platforms )

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d38 (qfx/ex/qfabric system )

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r4 ( all products platforms )

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49 (srx)

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d12

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1f2-s18

Trust: 0.8

sources: JVNDB: JVNDB-2017-006977 // CNNVD: CNNVD-201707-616 // NVD: CVE-2017-2348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2348
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-2348
value: HIGH

Trust: 1.0

NVD: CVE-2017-2348
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-616
value: HIGH

Trust: 0.6

VULHUB: VHN-110551
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2348
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110551
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2348
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-110551 // JVNDB: JVNDB-2017-006977 // CNNVD: CNNVD-201707-616 // NVD: CVE-2017-2348 // NVD: CVE-2017-2348

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-110551 // JVNDB: JVNDB-2017-006977 // NVD: CVE-2017-2348

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-616

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201707-616

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006977

PATCH
title:JSA10800url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10800&actp=METADATA
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71734
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-006977 // 
            
            
            
            CNNVD: CNNVD-201707-616

EXTERNAL IDS
db:NVDid:CVE-2017-2348
Trust: 2.5
db:JUNIPERid:JSA10800
Trust: 1.7
db:SECTRACKid:1038899
Trust: 1.7
db:JVNDBid:JVNDB-2017-006977
Trust: 0.8
db:CNNVDid:CNNVD-201707-616
Trust: 0.7
db:VULHUBid:VHN-110551
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110551 // 
            
            
            
            JVNDB: JVNDB-2017-006977 // 
            
            
            
            CNNVD: CNNVD-201707-616 // 
            
            
            
            NVD: CVE-2017-2348

REFERENCES
url:https://kb.juniper.net/jsa10800
Trust: 1.7
url:http://www.securitytracker.com/id/1038899
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2348
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2348
Trust: 0.8
sources:
            
            
            VULHUB: VHN-110551 // 
            
            
            
            JVNDB: JVNDB-2017-006977 // 
            
            
            
            CNNVD: CNNVD-201707-616 // 
            
            
            
            NVD: CVE-2017-2348

SOURCES
db:VULHUBid:VHN-110551
db:JVNDBid:JVNDB-2017-006977
db:CNNVDid:CNNVD-201707-616
db:NVDid:CVE-2017-2348

LAST UPDATE DATE
2024-08-14T14:05:36.632000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110551date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2017-006977date:2017-09-07T00:00:00
db:CNNVDid:CNNVD-201707-616date:2019-10-17T00:00:00
db:NVDid:CVE-2017-2348date:2019-10-09T23:26:46.507

SOURCES RELEASE DATE
db:VULHUBid:VHN-110551date:2017-07-17T00:00:00
db:JVNDBid:JVNDB-2017-006977date:2017-09-07T00:00:00
db:CNNVDid:CNNVD-201707-616date:2017-07-17T00:00:00
db:NVDid:CVE-2017-2348date:2017-07-17T13:18:24.563