7.8

CVE-2017-2344

A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. No other Juniper Networks products or platforms are affected by this issue.

Data is provided by the National Vulnerability Database (NVD)
JuniperJunos Version12.1x46
JuniperJunos Version12.1x46 Updated10
JuniperJunos Version12.1x46 Updated15
JuniperJunos Version12.1x46 Updated20
JuniperJunos Version12.1x46 Updated25
JuniperJunos Version12.1x46 Updated30
JuniperJunos Version12.1x46 Updated35
JuniperJunos Version12.1x46 Updated40
JuniperJunos Version12.1x46 Updated45
JuniperJunos Version12.1x46 Updated50
JuniperJunos Version12.1x46 Updated55
JuniperJunos Version12.1x46 Updated60
JuniperJunos Version12.1x46 Updated65
JuniperJunos Version12.3x48
JuniperJunos Version12.3x48 Updated10
JuniperJunos Version12.3x48 Updated15
JuniperJunos Version12.3x48 Updated20
JuniperJunos Version12.3x48 Updated25
JuniperJunos Version12.3x48 Updated30
JuniperJunos Version12.3x48 Updated35
JuniperJunos Version12.3x48 Updated40
JuniperJunos Version12.3x48 Updated45
JuniperJunos Version12.3x48 Updated50
JuniperJunos Version12.3x48 Updated55
JuniperJunos Version13.3
JuniperJunos Version13.3 Updater1
JuniperJunos Version13.3 Updater2
JuniperJunos Version13.3 Updater2-s2
JuniperJunos Version13.3 Updater3
JuniperJunos Version13.3 Updater4
JuniperJunos Version13.3 Updater5
JuniperJunos Version13.3 Updater6
JuniperJunos Version13.3 Updater7
JuniperJunos Version13.3 Updater8
JuniperJunos Version13.3 Updater9
JuniperJunos Version14.1
JuniperJunos Version14.1 Updater1
JuniperJunos Version14.1 Updater2
JuniperJunos Version14.1 Updater3
JuniperJunos Version14.1 Updater4
JuniperJunos Version14.1 Updater5
JuniperJunos Version14.1 Updater6
JuniperJunos Version14.1 Updater7
JuniperJunos Version14.1 Updater9
JuniperJunos Version14.1x50
JuniperJunos Version14.1x53
JuniperJunos Version14.1x53 Updated10
JuniperJunos Version14.1x53 Updated121
JuniperJunos Version14.1x53 Updated15
JuniperJunos Version14.1x53 Updated16
JuniperJunos Version14.1x53 Updated25
JuniperJunos Version14.1x53 Updated26
JuniperJunos Version14.1x53 Updated27
JuniperJunos Version14.1x53 Updated30
JuniperJunos Version14.1x53 Updated35
JuniperJunos Version14.1x53 Updated40
JuniperJunos Version14.1x53 Updated42
JuniperJunos Version14.1x53 Updated43
JuniperJunos Version14.1x53 Updated45
JuniperJunos Version14.1x53 Updated50
JuniperJunos Version14.2
JuniperJunos Version14.2 Updater1
JuniperJunos Version14.2 Updater2
JuniperJunos Version14.2 Updater3
JuniperJunos Version14.2 Updater4
JuniperJunos Version14.2 Updater5
JuniperJunos Version14.2 Updater6
JuniperJunos Version14.2 Updater7
JuniperJunos Version14.2 Updater7-s7
JuniperJunos Version14.2 Updater8
JuniperJunos Version15.1
JuniperJunos Version15.1 Updatef1
JuniperJunos Version15.1 Updatef2
JuniperJunos Version15.1 Updatef2-s1
JuniperJunos Version15.1 Updatef2-s2
JuniperJunos Version15.1 Updatef2-s3
JuniperJunos Version15.1 Updatef2-s4
JuniperJunos Version15.1 Updatef6-s7
JuniperJunos Version15.1 Updater4
JuniperJunos Version15.1 Updater4-s8
JuniperJunos Version15.1 Updater5-s5
JuniperJunos Version15.1 Updater6-s1
JuniperJunos Version15.1 Updater7
JuniperJunos Version15.1x49
JuniperJunos Version15.1x49 Updated10
JuniperJunos Version15.1x49 Updated20
JuniperJunos Version15.1x49 Updated30
JuniperJunos Version15.1x49 Updated35
JuniperJunos Version15.1x49 Updated40
JuniperJunos Version15.1x49 Updated45
JuniperJunos Version15.1x49 Updated50
JuniperJunos Version15.1x49 Updated55
JuniperJunos Version15.1x49 Updated60
JuniperJunos Version15.1x49 Updated65
JuniperJunos Version15.1x49 Updated70
JuniperJunos Version15.1x49 Updated75
JuniperJunos Version15.1x49 Updated80
JuniperJunos Version15.1x49 Updated90
JuniperJunos Version15.1x53
JuniperJunos Version15.1x53 Updated10
JuniperJunos Version15.1x53 Updated20
JuniperJunos Version15.1x53 Updated21
JuniperJunos Version15.1x53 Updated210
JuniperJunos Version15.1x53 Updated230
JuniperJunos Version15.1x53 Updated25
JuniperJunos Version15.1x53 Updated30
JuniperJunos Version15.1x53 Updated32
JuniperJunos Version15.1x53 Updated33
JuniperJunos Version15.1x53 Updated34
JuniperJunos Version15.1x53 Updated47
JuniperJunos Version15.1x53 Updated48
JuniperJunos Version15.1x53 Updated57
JuniperJunos Version15.1x53 Updated60
JuniperJunos Version15.1x53 Updated61
JuniperJunos Version15.1x53 Updated62
JuniperJunos Version15.1x53 Updated63
JuniperJunos Version15.1x53 Updated64
JuniperJunos Version15.1x53 Updated70
JuniperJunos Version16.1
JuniperJunos Version16.1 Updater1
JuniperJunos Version16.1 Updater2
JuniperJunos Version16.1 Updater3
JuniperJunos Version16.1 Updater4-s3
JuniperJunos Version16.1 Updater4-s4
JuniperJunos Version16.1 Updater5
JuniperJunos Version16.2
JuniperJunos Version16.2 Updater1
JuniperJunos Version17.1
JuniperJunos Version17.1 Updater1
JuniperJunos Version17.1 Updater2
JuniperJunos Version17.2
JuniperJunos Version17.2 Updater1
JuniperJunos Version17.2 Updater2
JuniperJunos Version17.2x75
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.149
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
sirt@juniper.net 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/99556
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038896
Third Party Advisory
VDB Entry