CVE-2016-1262 — Improper Input Validation in Juniper Junos

CWE-20 — Improper Input Validation5 documents5 sources

Severity

5.9MEDIUMNVD

EPSS

0.6%

top 30.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Juniper Junos OS Juniper SRX Series

Timeline

PublishedJan 15

Latest updateMay 17

Description

Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) via a crafted RTSP packet.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶NVDjuniper/junos12.1x46+3

▶juniperjuniper/junos_os

▶juniperjuniper/srx_series

🔴Vulnerability Details

GHSA

GHSA-fc7g-9852-m869: Juniper Junos OS before 12↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting↗2019-09-25

▶

📋Vendor Advisories

Juniper

CVE-2016-1262: Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, whe↗2016-01-15

▶

💬Community

Bugzilla

CVE-2016-1704 chromium-browser: various fixes from internal audits↗2016-06-17

▶