Sign-up

ID

VAR-201710-0246


CVE

CVE-2017-10614


TITLE

Juniper Networks Junos OS Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2017-009385

DESCRIPTION

A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47. Juniper Networks Junos OS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following releases are affected: Juniper Junos OS Release 12.1X46, Release 12.3X48, Release 14.1, Release 14.1X53, Release 14.2, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2

Trust: 1.71

sources: NVD: CVE-2017-10614 // JVNDB: JVNDB-2017-009385 // VULHUB: VHN-100954

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junos osscope:ltversion:15.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1f5

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d47

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x46

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r6

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x46-d45

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48-d30

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3x48

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49-d40

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d232

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r4-s9

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r8

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r3

Trust: 0.8

sources: JVNDB: JVNDB-2017-009385 // CNNVD: CNNVD-201710-513 // NVD: CVE-2017-10614

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10614
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2017-10614
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-10614
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-513
value: HIGH

Trust: 0.6

VULHUB: VHN-100954
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10614
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-100954
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10614
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2017-10614
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-100954 // JVNDB: JVNDB-2017-009385 // CNNVD: CNNVD-201710-513 // NVD: CVE-2017-10614 // NVD: CVE-2017-10614

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-100954 // JVNDB: JVNDB-2017-009385 // NVD: CVE-2017-10614

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-513

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201710-513

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009385

PATCH
title:JSA10817url:https://kb.juniper.net/JSA10817
Trust: 0.8
title:Juniper Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75549
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009385 // 
            
            
            
            CNNVD: CNNVD-201710-513

EXTERNAL IDS
db:NVDid:CVE-2017-10614
Trust: 2.5
db:JUNIPERid:JSA10817
Trust: 1.7
db:JVNDBid:JVNDB-2017-009385
Trust: 0.8
db:CNNVDid:CNNVD-201710-513
Trust: 0.7
db:VULHUBid:VHN-100954
Trust: 0.1
sources:
            
            
            VULHUB: VHN-100954 // 
            
            
            
            JVNDB: JVNDB-2017-009385 // 
            
            
            
            CNNVD: CNNVD-201710-513 // 
            
            
            
            NVD: CVE-2017-10614

REFERENCES
url:https://kb.juniper.net/jsa10817
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10614
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10614
Trust: 0.8
sources:
            
            
            VULHUB: VHN-100954 // 
            
            
            
            JVNDB: JVNDB-2017-009385 // 
            
            
            
            CNNVD: CNNVD-201710-513 // 
            
            
            
            NVD: CVE-2017-10614

SOURCES
db:VULHUBid:VHN-100954
db:JVNDBid:JVNDB-2017-009385
db:CNNVDid:CNNVD-201710-513
db:NVDid:CVE-2017-10614

LAST UPDATE DATE
2024-08-14T14:20:17.177000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-100954date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2017-009385date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-513date:2019-10-17T00:00:00
db:NVDid:CVE-2017-10614date:2019-10-09T23:21:41.197

SOURCES RELEASE DATE
db:VULHUBid:VHN-100954date:2017-10-13T00:00:00
db:JVNDBid:JVNDB-2017-009385date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-513date:2017-10-18T00:00:00
db:NVDid:CVE-2017-10614date:2017-10-13T17:29:00.723