7.8

CVE-2017-2315

On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version12.3 Updater1
JuniperJunos Version12.3 Updater10
JuniperJunos Version12.3 Updater11
JuniperJunos Version12.3 Updater12
JuniperJunos Version12.3 Updater13
JuniperJunos Version12.3 Updater2
JuniperJunos Version12.3 Updater3
JuniperJunos Version12.3 Updater4
JuniperJunos Version12.3 Updater5
JuniperJunos Version12.3 Updater6
JuniperJunos Version12.3 Updater7
JuniperJunos Version12.3 Updater8
JuniperJunos Version12.3 Updater9
JuniperJunos Version13.3 Updater1
JuniperJunos Version13.3 Updater2
JuniperJunos Version13.3 Updater3
JuniperJunos Version13.3 Updater4
JuniperJunos Version13.3 Updater5
JuniperJunos Version13.3 Updater6
JuniperJunos Version13.3 Updater7
JuniperJunos Version13.3 Updater8
JuniperJunos Version13.3 Updater9
JuniperJunos Version14.1 Updater1
JuniperJunos Version14.1 Updater2
JuniperJunos Version14.1 Updater3
JuniperJunos Version14.1 Updater4
JuniperJunos Version14.1 Updater5
JuniperJunos Version14.1 Updater6
JuniperJunos Version14.1 Updater7
JuniperJunos Version14.1 Updater9
JuniperJunos Version14.1x53 Updated10
JuniperJunos Version14.1x53 Updated40
JuniperJunos Version14.1x55 Updated35
JuniperJunos Version14.2 Updater1
JuniperJunos Version14.2 Updater2
JuniperJunos Version14.2 Updater3
JuniperJunos Version14.2 Updater4
JuniperJunos Version14.2 Updater5
JuniperJunos Version14.2 Updater7
JuniperJunos Version14.2 Updater8
JuniperJunos Version15.1 Updater1
JuniperJunos Version15.1 Updater2
JuniperJunos Version15.1 Updater3
JuniperJunos Version15.1 Updater4
JuniperJunos Version16.1 Updater1
JuniperJunos Version16.2 Updater2
JuniperJunos Version17.1 Updater1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.627
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

http://www.securityfocus.com/bid/97615
Third Party Advisory
VDB Entry
https://kb.juniper.net/JSA10781
Vendor Advisory
Mitigation