Sign-up

ID

VAR-201710-0245


CVE

CVE-2017-10613


TITLE

Juniper Networks Junos OS Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2017-009384

DESCRIPTION

A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55; 12.3X48 prior to 12.3X48-D35; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue. Juniper Networks Junos OS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The operating system provides a secure programming interface and Junos SDK. An attacker could exploit this vulnerability to cause a denial of service (kernel hang)

Trust: 1.71

sources: NVD: CVE-2017-10613 // JVNDB: JVNDB-2017-009384 // VULHUB: VHN-100953

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.1x53

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.0

vendor:junipermodel:junos osscope:ltversion:12.3x48

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1x53-d40

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r8-s4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x46-d55

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49-d60

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r7-s8

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.2

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48-d35

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r4-s9

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1f5-s3

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r8

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r4

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:16.1

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x46

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1f6

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d47

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r9

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:16.1r2

Trust: 0.8

sources: JVNDB: JVNDB-2017-009384 // CNNVD: CNNVD-201710-514 // NVD: CVE-2017-10613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10613
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2017-10613
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-10613
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-514
value: MEDIUM

Trust: 0.6

VULHUB: VHN-100953
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-10613
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-100953
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10613
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-100953 // JVNDB: JVNDB-2017-009384 // CNNVD: CNNVD-201710-514 // NVD: CVE-2017-10613 // NVD: CVE-2017-10613

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-100953 // JVNDB: JVNDB-2017-009384 // NVD: CVE-2017-10613

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201710-514

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201710-514

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009384

PATCH
title:JSA10816url:https://kb.juniper.net/JSA10816
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75550
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009384 // 
            
            
            
            CNNVD: CNNVD-201710-514

EXTERNAL IDS
db:NVDid:CVE-2017-10613
Trust: 2.5
db:JUNIPERid:JSA10816
Trust: 1.7
db:JVNDBid:JVNDB-2017-009384
Trust: 0.8
db:CNNVDid:CNNVD-201710-514
Trust: 0.7
db:VULHUBid:VHN-100953
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100953 // 
            
            
            
            JVNDB: JVNDB-2017-009384 // 
            
            
            
            CNNVD: CNNVD-201710-514 // 
            
            
            
            NVD: CVE-2017-10613

REFERENCES
url:https://kb.juniper.net/jsa10816
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10613
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10613
Trust: 0.8
sources:
            
            
            VULHUB: VHN-100953 // 
            
            
            
            JVNDB: JVNDB-2017-009384 // 
            
            
            
            CNNVD: CNNVD-201710-514 // 
            
            
            
            NVD: CVE-2017-10613

SOURCES
db:VULHUBid:VHN-100953
db:JVNDBid:JVNDB-2017-009384
db:CNNVDid:CNNVD-201710-514
db:NVDid:CVE-2017-10613

LAST UPDATE DATE
2024-08-14T14:51:48.861000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-100953date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2017-009384date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-514date:2019-10-17T00:00:00
db:NVDid:CVE-2017-10613date:2019-10-09T23:21:40.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-100953date:2017-10-13T00:00:00
db:JVNDBid:JVNDB-2017-009384date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-514date:2017-10-18T00:00:00
db:NVDid:CVE-2017-10613date:2017-10-13T17:29:00.677