ID

VAR-201710-0241


CVE

CVE-2017-10608


TITLE

Juniper Networks Junos OS vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2017-009380

DESCRIPTION

Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target. Repeated traffic in a cluster may cause repeated flip-flop failure operations or full failure to the flowd daemon halting traffic on all nodes. Only IPv6 traffic is affected by this issue. IPv4 traffic is unaffected. This issue is not seen with to-host traffic. This issue has no relation with HA services themselves, only the ALG service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55 on SRX; 12.1X47 prior to 12.1X47-D45 on SRX; 12.3X48 prior to 12.3X48-D32, 12.3X48-D35 on SRX; 15.1X49 prior to 15.1X49-D60 on SRX. Juniper Networks Junos OS contains a resource exhaustion vulnerability. A service operation interruption (DoS) condition may result. Junos OS is a set of operating systems running on these devices. The Sun/MS-RPC ALG services component is one of its ALG service components. A security vulnerability exists in the Sun/MS-RPC ALG service component of Junos OS in the Juniper SRX family of devices.

Trust: 2.25

sources: NVD: CVE-2017-10608 // JVNDB: JVNDB-2017-009380 // CNVD: CNVD-2017-32098 // VULHUB: VHN-100947

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32098

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 12.1x46

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 12.3x48

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.1x47

Trust: 1.0

vendor: juniper, model: junos os, scope: lt, version: 12.1x46 (srx)

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 12.3x48-d35 (srx)

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 15.1x49-d60

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 12.3x48-d32

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 12.1x47-d45

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 15.1x49 (srx)

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 12.3x48 (srx)

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 12.1x47 (srx)

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 12.1x46-d55

Trust: 0.8

vendor: juniper, model: networks junos os, scope: eq, version: 12.1x46

Trust: 0.6

vendor: juniper, model: networks junos os, scope: eq, version: 15.1x49

Trust: 0.6

vendor: juniper, model: networks junos os, scope: eq, version: 12.3x48

Trust: 0.6

vendor: juniper, model: networks junos os, scope: eq, version: 12.1x47

Trust: 0.6

sources: CNVD: CNVD-2017-32098 // JVNDB: JVNDB-2017-009380 // CNNVD: CNNVD-201710-518 // NVD: CVE-2017-10608

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10608
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-10608
value: HIGH

Trust: 1.0

NVD: CVE-2017-10608
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-32098
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201710-518
value: HIGH

Trust: 0.6

VULHUB: VHN-100947
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10608
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32098
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-100947
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10608
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: CNVD: CNVD-2017-32098 // VULHUB: VHN-100947 // JVNDB: JVNDB-2017-009380 // CNNVD: CNNVD-201710-518 // NVD: CVE-2017-10608 // NVD: CVE-2017-10608

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-100947 // JVNDB: JVNDB-2017-009380 // NVD: CVE-2017-10608

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-518

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201710-518

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009380

PATCH

title: JSA10811
url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10811&actp=METADATA

Trust: 0.8

title: Juniper SRX Series Device Junos OS Sun/MS-RPC ALG Service Component Denial of Service Vulnerability Patch
url: https://www.cnvd.org.cn/patchInfo/show/104474

Trust: 0.6

title: Repair measures for the Juniper SRX Series equipment Junos OS Sun/MS-RPC ALG service component security vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75554

Trust: 0.6

sources: CNVD: CNVD-2017-32098 // JVNDB: JVNDB-2017-009380 // CNNVD: CNNVD-201710-518

EXTERNAL IDS

db: NVD, id: CVE-2017-10608

Trust: 3.1

db: JUNIPER, id: JSA10811

Trust: 2.3

db: JVNDB, id: JVNDB-2017-009380

Trust: 0.8

db: CNNVD, id: CNNVD-201710-518

Trust: 0.7

db: CNVD, id: CNVD-2017-32098

Trust: 0.6

db: VULHUB, id: VHN-100947

Trust: 0.1

sources: CNVD: CNVD-2017-32098 // VULHUB: VHN-100947 // JVNDB: JVNDB-2017-009380 // CNNVD: CNNVD-201710-518 // NVD: CVE-2017-10608

REFERENCES

url:https://kb.juniper.net/jsa10811

Trust: 2.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10608

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-10608

Trust: 0.8

sources: CNVD: CNVD-2017-32098 // VULHUB: VHN-100947 // JVNDB: JVNDB-2017-009380 // CNNVD: CNNVD-201710-518 // NVD: CVE-2017-10608

SOURCES

db: CNVD, id: CNVD-2017-32098
db: VULHUB, id: VHN-100947
db: JVNDB, id: JVNDB-2017-009380
db: CNNVD, id: CNNVD-201710-518
db: NVD, id: CVE-2017-10608

LAST UPDATE DATE

2024-08-14T14:57:31.945000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-32098, date: 2017-10-31T00:00:00
db: VULHUB, id: VHN-100947, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2017-009380, date: 2017-11-09T00:00:00
db: CNNVD, id: CNNVD-201710-518, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-10608, date: 2019-10-09T23:21:39.743

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-32098, date: 2017-10-31T00:00:00
db: VULHUB, id: VHN-100947, date: 2017-10-13T00:00:00
db: JVNDB, id: JVNDB-2017-009380, date: 2017-11-09T00:00:00
db: CNNVD, id: CNNVD-201710-518, date: 2017-10-18T00:00:00
db: NVD, id: CVE-2017-10608, date: 2017-10-13T17:29:00.533