CVE-2016-1257 — Improper Input Validation in Juniper Junos

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.6%

top 30.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Juniper Junos OS

Timeline

PublishedJan 15

Latest updateMay 17

Description

The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.1X51-D65, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D28, 14.1X53 before 4.1X53-D35, 14.2R1 before 14.2R5, 14.2R3 before 14.2R3-S4, 14.2R4 before 14.2R4-S1, 15.1 before 15.1R3, 15.1F2 before 15.1F2-S2, and 15.1X49 before 15.1X49-D40, when LDP is enabled, allows remote attackers to cause a den…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDjuniper/junos8 versions+7

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-m342-5vmf-gj7w: The Routing Engine in Juniper Junos OS 13↗2022-05-17

▶

📋Vendor Advisories

Juniper

CVE-2016-1257: The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R↗2016-01-15

▶