ID

VAR-201710-0240


CVE

CVE-2017-10607


TITLE

Juniper Networks Junos OS Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009379

DESCRIPTION

Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this issue can only be triggered by a packet sent directly to the IP address of the router. Repeated crashes of the rpd daemon can result in an extended denial of service condition. This issue only affects devices running Junos OS 16.1R1 and services releases based off of 16.1R1 (e.g. 16.1R1-S1, 16.1R1-S2, 16.1R1-S3). No prior versions of Junos OS are affected by this vulnerability, and this issue was resolved in Junos OS 16.2 prior to 16.2R1. No other Juniper Networks products or platforms are affected by this issue. This issue was found during internal product security testing. Juniper Networks Junos OS contains a resource management vulnerability. Exploitation may result in a service operation interruption (DoS). The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in the Juniper Junos OS 16.1R1 release.

Trust: 1.71

sources: NVD: CVE-2017-10607 // JVNDB: JVNDB-2017-009379 // VULHUB: VHN-100946

AFFECTED PRODUCTS

vendor: juniper | model: junos | scope: eq | version: 16.1

Trust: 1.6

vendor: juniper | model: junos os | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-009379 // CNNVD: CNNVD-201710-519 // NVD: CVE-2017-10607

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10607
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-10607
value: HIGH

Trust: 1.0

NVD: CVE-2017-10607
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-519
value: HIGH

Trust: 0.6

VULHUB: VHN-100946
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10607
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-100946
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10607
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-100946 // JVNDB: JVNDB-2017-009379 // CNNVD: CNNVD-201710-519 // NVD: CVE-2017-10607 // NVD: CVE-2017-10607

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-399

Trust: 0.9

sources: VULHUB: VHN-100946 // JVNDB: JVNDB-2017-009379 // NVD: CVE-2017-10607

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-519

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201710-519

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009379

PATCH

title: JSA10810 | url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10810&actp=METADATA

Trust: 0.8

title: Juniper Junos OS Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75555

Trust: 0.6

sources: JVNDB: JVNDB-2017-009379 // CNNVD: CNNVD-201710-519

EXTERNAL IDS

db: NVD | id: CVE-2017-10607

Trust: 2.5

db: JUNIPER | id: JSA10810

Trust: 1.7

db: JVNDB | id: JVNDB-2017-009379

Trust: 0.8

db: CNNVD | id: CNNVD-201710-519

Trust: 0.7

db: VULHUB | id: VHN-100946

Trust: 0.1

sources: VULHUB: VHN-100946 // JVNDB: JVNDB-2017-009379 // CNNVD: CNNVD-201710-519 // NVD: CVE-2017-10607

REFERENCES

url: https://kb.juniper.net/jsa10810

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10607

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-10607

Trust: 0.8

sources: VULHUB: VHN-100946 // JVNDB: JVNDB-2017-009379 // CNNVD: CNNVD-201710-519 // NVD: CVE-2017-10607

SOURCES

db: VULHUB | id: VHN-100946
db: JVNDB | id: JVNDB-2017-009379
db: CNNVD | id: CNNVD-201710-519
db: NVD | id: CVE-2017-10607

LAST UPDATE DATE

2024-08-14T15:13:23.268000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-100946 | date: 2019-10-09T00:00:00
db: JVNDB | id: JVNDB-2017-009379 | date: 2017-11-09T00:00:00
db: CNNVD | id: CNNVD-201710-519 | date: 2019-10-17T00:00:00
db: NVD | id: CVE-2017-10607 | date: 2019-10-09T23:21:39.603

SOURCES RELEASE DATE

db: VULHUB | id: VHN-100946 | date: 2017-10-13T00:00:00
db: JVNDB | id: JVNDB-2017-009379 | date: 2017-11-09T00:00:00
db: CNNVD | id: CNNVD-201710-519 | date: 2017-10-18T00:00:00
db: NVD | id: CVE-2017-10607 | date: 2017-10-13T17:29:00.503