ID

VAR-201707-0304


CVE

CVE-2017-2314


TITLE

Junos OS Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006936

DESCRIPTION

Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process, causing a prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50. Junos OS contains an input validation vulnerability. The system may be put into a denial-of-service (DoS) state. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos OS. The following releases are affected: Juniper Junos OS Release 12.3, Release 12.3X48, Release 13.3, Release 14.1, Release 14.1X53, Release 14.1X55, Release 14.2, Release 15.1, Release 15.1X49, Release 15.1X53.

Trust: 1.8

sources: NVD: CVE-2017-2314 // JVNDB: JVNDB-2017-006936 // VULHUB: VHN-110517 // VULMON: CVE-2017-2314

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 13.3

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 14.1x55

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 15.1x53

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 14.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3x48

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 14.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 14.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-006936 // CNNVD: CNNVD-201707-609 // NVD: CVE-2017-2314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2314
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-2314
value: HIGH

Trust: 1.0

NVD: CVE-2017-2314
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-609
value: HIGH

Trust: 0.6

VULHUB: VHN-110517
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-2314
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2314
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-110517
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2017-2314
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2017-2314
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-110517 // VULMON: CVE-2017-2314 // JVNDB: JVNDB-2017-006936 // CNNVD: CNNVD-201707-609 // NVD: CVE-2017-2314 // NVD: CVE-2017-2314

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-110517 // JVNDB: JVNDB-2017-006936 // NVD: CVE-2017-2314

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-609

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201707-609

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006936

PATCH

title: JSA10779, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10779&actp=METADATA

Trust: 0.8

title: Juniper Junos Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71722

Trust: 0.6

sources: JVNDB: JVNDB-2017-006936 // CNNVD: CNNVD-201707-609

EXTERNAL IDS

db: NVD, id: CVE-2017-2314

Trust: 2.6

db: SECTRACK, id: 1038889

Trust: 1.8

db: JUNIPER, id: JSA10779

Trust: 1.8

db: JVNDB, id: JVNDB-2017-006936

Trust: 0.8

db: CNNVD, id: CNNVD-201707-609

Trust: 0.7

db: VULHUB, id: VHN-110517

Trust: 0.1

db: VULMON, id: CVE-2017-2314

Trust: 0.1

sources: VULHUB: VHN-110517 // VULMON: CVE-2017-2314 // JVNDB: JVNDB-2017-006936 // CNNVD: CNNVD-201707-609 // NVD: CVE-2017-2314

REFERENCES

url:https://kb.juniper.net/jsa10779

Trust: 1.8

url:http://www.securitytracker.com/id/1038889

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2314

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2314

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-110517 // VULMON: CVE-2017-2314 // JVNDB: JVNDB-2017-006936 // CNNVD: CNNVD-201707-609 // NVD: CVE-2017-2314

SOURCES

db: VULHUB, id: VHN-110517
db: VULMON, id: CVE-2017-2314
db: JVNDB, id: JVNDB-2017-006936
db: CNNVD, id: CNNVD-201707-609
db: NVD, id: CVE-2017-2314

LAST UPDATE DATE

2024-08-14T14:13:21.584000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-110517, date: 2020-02-20T00:00:00
db: VULMON, id: CVE-2017-2314, date: 2020-02-20T00:00:00
db: JVNDB, id: JVNDB-2017-006936, date: 2017-09-07T00:00:00
db: CNNVD, id: CNNVD-201707-609, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-2314, date: 2020-02-20T15:12:55.093

SOURCES RELEASE DATE

db: VULHUB, id: VHN-110517, date: 2017-07-17T00:00:00
db: VULMON, id: CVE-2017-2314, date: 2017-07-17T00:00:00
db: JVNDB, id: JVNDB-2017-006936, date: 2017-09-07T00:00:00
db: CNNVD, id: CNNVD-201707-609, date: 2017-07-14T00:00:00
db: NVD, id: CVE-2017-2314, date: 2017-07-17T13:18:23.923