CVE-2007-6372 — Improper Input Validation in Juniper Junos

CWE-20 — Improper Input Validation13 documents3 sources

Severity

7.8HIGHNVD

NVD7.5NVD7.1

EPSS

2.9%

top 13.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hitachi Gr2000 Juniper Junos Juniper Junos OS

Timeline

PublishedDec 15

Latest updateMay 1

Description

Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶NVDjuniper/junos9 versions+8

▶juniperjuniper/junos_os

▶NVDhitachi/gr20004 versions+3

🔴Vulnerability Details

GHSA

GHSA-w9j8-c5hv-crc7: Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, lea↗2022-05-01

▶

GHSA

GHSA-m679-cmq9-cr33: Unspecified vulnerability in AlaxalA AX routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages↗2022-05-01

▶

GHSA

GHSA-j2ww-2564-cmmg: Unspecified vulnerability in Juniper JUNOS 7↗2022-05-01

▶

GHSA

GHSA-2v7f-jc4p-g275: Unspecified vulnerability in Hitachi GR routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages↗2022-05-01

▶

GHSA

GHSA-fxqg-prwx-jhx3: Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, l↗2022-05-01

▶

📋Vendor Advisories

Juniper

CVE-2007-6372: Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, pos↗2007-12-15

▶