CVE-2017-2313
HIGHJunos OS 15.1-16.2 - Denial of Service via Crafted BGP UPDATE
Title source: llmDescription
Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The affected Junos OS versions are: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D78, 15.1X49-D80; 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4; 16.2 prior to 16.2R1-S3, 16.2R2; Releases prior to Junos OS 15.1 are unaffected by this vulnerability. 17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10778
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038257
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97606
Scores
CVSS v3
7.5
EPSS
0.0051
EPSS Percentile
66.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (12)
juniper/junos
15.1 f1 (8 CPE variants)
juniper/junos
15.1x49 d10 (12 CPE variants)
juniper/junos
15.1x53 d10 (13 CPE variants)
juniper/junos
16.1 r1 (4 CPE variants)
juniper/junos
16.2 r1 (2 CPE variants)
Juniper Networks/Junos OS with BGP enabled
15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6
Juniper Networks/Junos OS with BGP enabled
15.1X49 prior to 15.1X49-D78, 15.1X49-D80
Juniper Networks/Junos OS with BGP enabled
15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70
Juniper Networks/Junos OS with BGP enabled
16.1 prior to 16.1R3-S3, 16.1R4
Juniper Networks/Junos OS with BGP enabled
16.2 prior to 16.2R1-S3, 16.2R2
... and 2 more
Published
Apr 24, 2017
Tracked Since
Feb 18, 2026