CVE-2017-2302 — Networks Junos OS Where THE BGP Add-path Feature IS Enabled With Send Option OR With Both vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 25.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Where THE BGP Add-path Feature IS Enabled With Send Option OR With Both Juniper Junos Juniper Junos OS

Timeline

PublishedMay 30

Latest updateMay 13

Description

On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can caus…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os_where_the_bgp_add-path_feature_is_enabled_with_send_option_or_with_both12 versions+11

▶NVDjuniper/junos10 versions+9

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-9hc3-95jh-c23v: On Juniper Networks products or platforms running Junos OS 12↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2017-2302: On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X↗2017-05-30

▶