CVE-2017-10605 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS +1 more

Timeline

PublishedJul 17

Latest updateMay 13

Description

On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended denial of service condition for the device(s). If the device is configured in high-availability, the RG1+ (data-plane) will fail-over to the secondary node. If the device is configured in stand-alone, there will be temporar…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶juniperjuniper/srx_series

▶CVEListV5juniper_networks/junos_os12.1X46 prior to 12.1X46-D67, 12.3X48 prior to 12.3X48-D50, 15.1X49 prior to 15.1X49-D91, 15.1X49-D100+2

▶NVDjuniper/junos12.1x46, 12.3x48, 15.1x49+2

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-3g43-vm9r-34g5: On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, haltin↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2017-10605: On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, haltin↗2017-07-17

▶