CVE-2017-2302

On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition.

CVSS v3.0 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://kb.juniper.net/JSA10771	Vendor Advisory
http://www.securityfocus.com/bid/95394	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037595	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:12.1x46:d20::::::
	cpe:2.3:o:juniper:junos:12.1x46:d25::::::
	cpe:2.3:o:juniper:junos:12.1x46:d30::::::
	cpe:2.3:o:juniper:junos:12.1x46:d35::::::
	cpe:2.3:o:juniper:junos:12.3:r2::::::
	cpe:2.3:o:juniper:junos:12.3:r3::::::
	cpe:2.3:o:juniper:junos:12.3:r4::::::
	cpe:2.3:o:juniper:junos:12.1x46:d10::::::
	cpe:2.3:o:juniper:junos:12.1x46:d45::::::
	cpe:2.3:o:juniper:junos:12.1x47:-::::::
	cpe:2.3:o:juniper:junos:12.1x47:d40::::::
	cpe:2.3:o:juniper:junos:13.3:r4::::::
	cpe:2.3:o:juniper:junos:13.3:r5::::::
	cpe:2.3:o:juniper:junos:13.3:r1::::::
	cpe:2.3:o:juniper:junos:15.1:f1::::::
	cpe:2.3:o:juniper:junos:14.1x53:d15::::::
	cpe:2.3:o:juniper:junos:13.3:r8::::::
	cpe:2.3:o:juniper:junos:14.1x53:d35::::::
	cpe:2.3:o:juniper:junos:14.1x53:d10::::::
	cpe:2.3:o:juniper:junos:12.3:r1::::::
	cpe:2.3:o:juniper:junos:12.3:r6::::::
	cpe:2.3:o:juniper:junos:14.1x53:d25::::::
	cpe:2.3:o:juniper:junos:14.1x53:d27::::::
	cpe:2.3:o:juniper:junos:14.1x53:d16::::::
	cpe:2.3:o:juniper:junos:14.1:r7::::::
	cpe:2.3:o:juniper:junos:13.3:r6::::::
	cpe:2.3:o:juniper:junos:12.3:r5::::::
	cpe:2.3:o:juniper:junos:12.3x48:d25::::::
	cpe:2.3:o:juniper:junos:13.3:r3::::::
	cpe:2.3:o:juniper:junos:14.1:r5::::::
	cpe:2.3:o:juniper:junos:12.3:r8::::::
	cpe:2.3:o:juniper:junos:15.1x49:-::::::
	cpe:2.3:o:juniper:junos:14.1:-::::::
	cpe:2.3:o:juniper:junos:14.1:r1::::::
	cpe:2.3:o:juniper:junos:13.3:r7::::::
	cpe:2.3:o:juniper:junos:14.1:r4::::::
	cpe:2.3:o:juniper:junos:14.1:r3::::::
	cpe:2.3:o:juniper:junos:12.3:r11::::::
	cpe:2.3:o:juniper:junos:12.3:r9::::::
	cpe:2.3:o:juniper:junos:12.3x48:d10::::::
	cpe:2.3:o:juniper:junos:12.1x47:d10::::::
	cpe:2.3:o:juniper:junos:14.1x53:d30::::::
	cpe:2.3:o:juniper:junos:12.3x48:d15::::::
	cpe:2.3:o:juniper:junos:12.1x46:d50::::::
	cpe:2.3:o:juniper:junos:12.3:r7::::::
	cpe:2.3:o:juniper:junos:12.1x47:d20::::::
	cpe:2.3:o:juniper:junos:12.3:r12::::::
	cpe:2.3:o:juniper:junos:12.1x47:d25::::::
	cpe:2.3:o:juniper:junos:12.1x47:d30::::::
	cpe:2.3:o:juniper:junos:14.1:r6::::::
	cpe:2.3:o:juniper:junos:12.1x47:d35::::::
	cpe:2.3:o:juniper:junos:13.3:r9::::::
	cpe:2.3:o:juniper:junos:12.1x47:d15::::::
	cpe:2.3:o:juniper:junos:15.1:r1::::::
	cpe:2.3:o:juniper:junos:13.3:r2::::::
	cpe:2.3:o:juniper:junos:14.1:r2::::::
	cpe:2.3:o:juniper:junos:14.1x55:d30::::::
	cpe:2.3:o:juniper:junos:15.1x49:d10::::::
	cpe:2.3:o:juniper:junos:12.1x46:d40::::::
	cpe:2.3:o:juniper:junos:14.1x53:d26::::::
	cpe:2.3:o:juniper:junos:12.1x46:d15::::::
	cpe:2.3:o:juniper:junos:15.1:-::::::
	cpe:2.3:o:juniper:junos:12.1x46:-::::::
	cpe:2.3:o:juniper:junos:12.3x48:-::::::
cpe:2.3:o:juniper:junos:14.1x53:-::::::
cpe:2.3:o:juniper:junos:12.3:-::::::
cpe:2.3:o:juniper:junos:13.3:-::::::
cpe:2.3:o:juniper:junos:14.1x55:-::::::
cpe:2.3:o:juniper:junos:14.1x55:d20::::::
cpe:2.3:o:juniper:junos:14.1x55:d25::::::
cpe:2.3:o:juniper:junos:14.1x55:d16::::::

Information

Published : 2017-05-30 07:29

Updated : 2019-10-02 17:03

NVD link : CVE-2017-2302

Mitre link : CVE-2017-2302

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

juniper

junos

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://kb.juniper.net/JSA10771", "name": "https://kb.juniper.net/JSA10771", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/95394", "name": "95394", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id/1037595", "name": "1037595", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-2302", "ASSIGNER": "sirt@juniper.net"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2017-05-30T14:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d45:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d40:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:13.3:r4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:13.3:r5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:13.3:r8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1:r7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:13.3:r6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:13.3:r3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1:r5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:13.3:r7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1:r4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1:r3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d50:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d25:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d30:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1:r6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d35:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:13.3:r9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:13.3:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x55:d30:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d40:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:13.3:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x55:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x55:d20:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x55:d25:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x55:d16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-03T00:03Z"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2017-2302

7.5^/10

7.8^/10

Attach tags to `CVE-2017-2302`