CVE-2017-2314

EPSS 0.45%
Published 17.07.2017 13:18:23
Last modified 20.04.2025 01:37:25
Source sirt@juniper.net
Teams watchlist Login
Open Login

Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Version12.3

Juniper ≫ Junos Version12.3 Updater1

Juniper ≫ Junos Version12.3 Updater10

Juniper ≫ Junos Version12.3 Updater11

Juniper ≫ Junos Version12.3 Updater12

Juniper ≫ Junos Version12.3 Updater2

Juniper ≫ Junos Version12.3 Updater3

Juniper ≫ Junos Version12.3 Updater4

Juniper ≫ Junos Version12.3 Updater5

Juniper ≫ Junos Version12.3 Updater6

Juniper ≫ Junos Version12.3 Updater7

Juniper ≫ Junos Version12.3 Updater8

Juniper ≫ Junos Version12.3 Updater9

Juniper ≫ Junos Version12.3x48 Update-

Juniper ≫ Junos Version12.3x48 Updated10

Juniper ≫ Junos Version12.3x48 Updated15

Juniper ≫ Junos Version12.3x48 Updated20

Juniper ≫ Junos Version12.3x48 Updated25

Juniper ≫ Junos Version12.3x48 Updated30

Juniper ≫ Junos Version12.3x48 Updated35

Juniper ≫ Junos Version12.3x48 Updated40

Juniper ≫ Junos Version12.3x48 Updated45

Juniper ≫ Junos Version14.1

Juniper ≫ Junos Version14.1 Updater1

Juniper ≫ Junos Version14.1 Updater2

Juniper ≫ Junos Version14.1 Updater3

Juniper ≫ Junos Version14.1 Updater4

Juniper ≫ Junos Version14.1 Updater5

Juniper ≫ Junos Version14.1 Updater6

Juniper ≫ Junos Version14.1 Updater7

Juniper ≫ Junos Version14.1 Updater8

Juniper ≫ Junos Version14.1x53 Update-

Juniper ≫ Junos Version14.1x53 Updated15

Juniper ≫ Junos Version14.1x53 Updated16

Juniper ≫ Junos Version14.1x53 Updated25

Juniper ≫ Junos Version14.1x53 Updated26

Juniper ≫ Junos Version14.1x53 Updated27

Juniper ≫ Junos Version14.1x53 Updated30

Juniper ≫ Junos Version14.1x53 Updated35

Juniper ≫ Junos Version14.2

Juniper ≫ Junos Version14.2 Updater1

Juniper ≫ Junos Version14.2 Updater2

Juniper ≫ Junos Version14.2 Updater3

Juniper ≫ Junos Version14.2 Updater4

Juniper ≫ Junos Version14.2 Updater5

Juniper ≫ Junos Version14.2 Updater6

Juniper ≫ Junos Version15.1

Juniper ≫ Junos Version15.1 Updatef2

Juniper ≫ Junos Version15.1 Updatef4

Juniper ≫ Junos Version15.1 Updatef5

Juniper ≫ Junos Version13.3

Juniper ≫ Junos Version13.3 Updater1

Juniper ≫ Junos Version13.3 Updater2

Juniper ≫ Junos Version13.3 Updater3

Juniper ≫ Junos Version13.3 Updater9

Juniper ≫ Junos Version14.1x55

Juniper ≫ Junos Version15.1x49 Updated10

Juniper ≫ Junos Version15.1x49 Updated20

Juniper ≫ Junos Version15.1x49 Updated30

Juniper ≫ Junos Version15.1x49 Updated35

Juniper ≫ Junos Version15.1x49 Updated40

Juniper ≫ Junos Version15.1x49 Updated45

Juniper ≫ Junos Version15.1x49 Updated50

Juniper ≫ Junos Version15.1x49 Updated55

Juniper ≫ Junos Version15.1x49 Updated60

Juniper ≫ Junos Version15.1x49 Updated65

Juniper ≫ Junos Version15.1x49 Updated70

Juniper ≫ Junos Version15.1x49 Updated75

Juniper ≫ Junos Version15.1x49 Updated80

Juniper ≫ Junos Version15.1x49 Updated90

Juniper ≫ Junos Version15.1x53 Updated10

Juniper ≫ Junos Version15.1x53 Updated20

Juniper ≫ Junos Version15.1x53 Updated21

Juniper ≫ Junos Version15.1x53 Updated30

Juniper ≫ Junos Version15.1x53 Updated32

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.45%	0.607

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1038889

Third Party Advisory

VDB Entry

https://kb.juniper.net/JSA10779

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-2314

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2314

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2314

EUVD