CVE-2017-2314 — Improper Input Validation in Networks Junos OS

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 36.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedJul 17

Latest updateMay 13

Description

Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os10 versions+9

▶NVDjuniper/junos10 versions+9

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-5pw8-wwr7-95h7: Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2017-2314: Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially cr↗2017-07-17

▶