CVE-2017-2302
HIGHJunos OS Multiple Versions - Denial of Service via BGP Add-Path Feature
Title source: llmDescription
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10771
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037595
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95394
Scores
CVSS v3
7.5
EPSS
0.0081
EPSS Percentile
74.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (6)
juniper/junos
12.1x46 (10 CPE variants)
juniper/junos
12.1x47 (8 CPE variants)
juniper/junos
12.3 (12 CPE variants)
juniper/junos
12.3x48 (4 CPE variants)
juniper/junos
13.3 (10 CPE variants)
juniper/junos
14.1 (6 CPE variants)
Published
May 30, 2017
Tracked Since
Feb 18, 2026