CVE-2017-10618 — Networks Junos OS vulnerability

3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 47.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedOct 13

Latest updateMay 13

Description

When the 'bgp-error-tolerance' feature â€" designed to help mitigate remote session resets from malformed path attributes â€" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have 'bgp-error-tolerance' configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior …

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os13 versions+12

▶NVDjuniper/junos13 versions+12

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-cmj3-fcj6-jp6c: When the 'bgp-error-tolerance' feature â€" designed to help mitigate remote session resets from malformed path attributes â€" is enabled, a BGP UPDATE↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2017-10618: When the 'bgp-error-tolerance' feature â" designed to help mitigate remote session resets from malformed path attributes â" is e↗2017-10-13

▶