cvelistv5 - cve-2017-2304

CVE-2017-2304 (GCVE-0-2017-2304)

Vulnerability from cvelistv5 – Published: 2017-05-30 14:00 – Updated: 2024-08-05 13:48

Summary

Severity ?

No CVSS data available.

CWE

information leak

Assigner

juniper

References

URL

Tags

	http://www.securitytracker.com/id/1037593	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/95403	vdb-entryx_refsource_BID
	https://kb.juniper.net/JSA10773	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices	Affected: 14.1X53 prior to 14.1X53-D40 Affected: 15.1X53 prior to 15.1X53-D40 Affected: 15.1 prior to 15.1R2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037593",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037593"
          },
          {
            "name": "95403",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95403"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10773"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "14.1X53 prior to 14.1X53-D40"
            },
            {
              "status": "affected",
              "version": "15.1X53 prior to 15.1X53-D40"
            },
            {
              "status": "affected",
              "version": "15.1 prior to 15.1R2"
            }
          ]
        }
      ],
      "datePublic": "2017-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-26T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "name": "1037593",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037593"
        },
        {
          "name": "95403",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95403"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10773"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2304",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "14.1X53 prior to 14.1X53-D40"
                          },
                          {
                            "version_value": "15.1X53 prior to 15.1X53-D40"
                          },
                          {
                            "version_value": "15.1 prior to 15.1R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037593",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037593"
            },
            {
              "name": "95403",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95403"
            },
            {
              "name": "https://kb.juniper.net/JSA10773",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10773"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2304",
    "datePublished": "2017-05-30T14:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FEF5DD8-B0B2-4ED2-B38F-CE870485AB8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*\", \"matchCriteriaId\": \"09771B8F-8B2A-4E8B-B4D3-80677697FCF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*\", \"matchCriteriaId\": \"55E2F909-E1CC-45AA-ABA9-58178B751808\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1AA12C5-4520-4F79-80BE-66112F7AFC2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*\", \"matchCriteriaId\": \"807C8110-5CC2-45F0-B094-BBF9C0B63BDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*\", \"matchCriteriaId\": \"547E5737-D385-49B9-A69F-A3B185A34116\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ED257ED-A56B-48A6-8568-65F36FFFC753\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*\", \"matchCriteriaId\": \"74500FC7-EE82-4AA8-9A5F-15DE4835E337\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAE14AE1-6756-4831-A8D5-A6D07DB24AF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"285CD1E5-C6D3-470A-8556-653AFF74D0F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1x53:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9511DD0-D910-4C29-B0E3-8F9D0531F09C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E3B807C-196D-42B8-9042-7582A1366772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*\", \"matchCriteriaId\": \"83FEEE8F-9279-46F2-BAF9-A60537020C61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F294E43-73FA-4EF3-90F2-EE29C56D6573\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDDE1048-BFEA-4A3E-8270-27C538A68837\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC517CD0-FF35-498F-AD33-683B43CA3829\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*\", \"matchCriteriaId\": \"53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E594D6DC-87F6-40D2-8268-ED6021462168\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1BB20B5-EA30-4E8E-9055-2E629648436A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A336BD3-4AB0-4E9E-8AD5-E6413A5A53FC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F4D44B0-E6CE-4380-8712-AC832DBCB424\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E974B4BC-64C5-4BB6-AF31-D46AF3763416\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDC5478F-A047-4F6D-BB11-0077A74C0174\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027\"}, {\"lang\": \"es\", \"value\": \"Los dispositivos QFX3500, QFX3600, QFX5100, QFX5200, EX4300 y EX4600 de Juniper Networks que ejecutan Junos OS 14.1X53 anteriores a 14.1X53-D40, 15.1X53 anteriores a 15.1X53-D40 y 15.1 anteriores a 15.1R2, no rellenan paquetes Ethernet con ceros por lo que algunos paquetes pueden contener fragmentos de memoria del sistema o datos de paquetes anteriores. Este problema tambi\\u00e9n es conocido como \\\"Etherleak\\\"\"}]",
      "id": "CVE-2017-2304",
      "lastModified": "2024-11-21T03:23:14.847",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-05-30T14:29:00.847",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/95403\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037593\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://kb.juniper.net/JSA10773\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95403\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037593\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://kb.juniper.net/JSA10773\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "sirt@juniper.net",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2304\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2017-05-30T14:29:00.847\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027\"},{\"lang\":\"es\",\"value\":\"Los dispositivos QFX3500, QFX3600, QFX5100, QFX5200, EX4300 y EX4600 de Juniper Networks que ejecutan Junos OS 14.1X53 anteriores a 14.1X53-D40, 15.1X53 anteriores a 15.1X53-D40 y 15.1 anteriores a 15.1R2, no rellenan paquetes Ethernet con ceros por lo que algunos paquetes pueden contener fragmentos de memoria del sistema o datos de paquetes anteriores. Este problema tambi\u00e9n es conocido como \\\"Etherleak\\\"\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FEF5DD8-B0B2-4ED2-B38F-CE870485AB8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"09771B8F-8B2A-4E8B-B4D3-80677697FCF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*\",\"matchCriteriaId\":\"55E2F909-E1CC-45AA-ABA9-58178B751808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1AA12C5-4520-4F79-80BE-66112F7AFC2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*\",\"matchCriteriaId\":\"807C8110-5CC2-45F0-B094-BBF9C0B63BDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*\",\"matchCriteriaId\":\"547E5737-D385-49B9-A69F-A3B185A34116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ED257ED-A56B-48A6-8568-65F36FFFC753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*\",\"matchCriteriaId\":\"74500FC7-EE82-4AA8-9A5F-15DE4835E337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAE14AE1-6756-4831-A8D5-A6D07DB24AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"285CD1E5-C6D3-470A-8556-653AFF74D0F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9511DD0-D910-4C29-B0E3-8F9D0531F09C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E3B807C-196D-42B8-9042-7582A1366772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*\",\"matchCriteriaId\":\"83FEEE8F-9279-46F2-BAF9-A60537020C61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F294E43-73FA-4EF3-90F2-EE29C56D6573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDDE1048-BFEA-4A3E-8270-27C538A68837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC517CD0-FF35-498F-AD33-683B43CA3829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*\",\"matchCriteriaId\":\"53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E594D6DC-87F6-40D2-8268-ED6021462168\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1BB20B5-EA30-4E8E-9055-2E629648436A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A336BD3-4AB0-4E9E-8AD5-E6413A5A53FC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F4D44B0-E6CE-4380-8712-AC832DBCB424\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E974B4BC-64C5-4BB6-AF31-D46AF3763416\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDC5478F-A047-4F6D-BB11-0077A74C0174\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/95403\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037593\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.juniper.net/JSA10773\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95403\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037593\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.juniper.net/JSA10773\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2017-AVI-012

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Juniper QFX3500, QFX3600, QFX5100, QFX5200, EX4300 et EX4600 exécutant Junos OS avec des versions antérieures à 4.1X53-D40, 15.1X53-D40, 15.1R2
Juniper Networks	Junos Space	Junos Space versions antérieures à 16.1R1
Juniper Networks	Junos OS	Tout produit Juniper avec RIP activé et exécutant Junos OS avec des versions antérieures à 12.1X46-D50, 12.1X47-D40, 12.3R13, 12.3X48-D30, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D35, 14.1X55-D35, 14.2R5, 15.1F6, 15.1R3, 15.1X49-D30, 15.1X49-D40, 15.1X53-D35, 16.1R1
Juniper Networks	Junos OS	Tout produit Juniper exécutant Junos OS avec des versions antérieures à 12.1X46-D55, 12.1X47-D45, 12.3R13, 12.3X48-D35, 13.3R10, 14.1R8, 14.1X53-D40, 14.1X55-D35, 14.2R6, 15.1R1, 15.1X49-D20
Juniper Networks	Junos OS	Tout produit Juniper avec DHCPv6 activé et exécutant Junos OS avec des versions antérieures à 11.4R13-S3, 12.1X46-D60, 12.3R12-S2, 12.3R13, 12.3X48-D40, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D12, 14.1X53-D35, 14.1X55-D35, 14.2R7, 15.1F6, 15.1R3, 15.1X49-D60, 15.1X53-D30, 16.1R1
Juniper Networks	Junos OS	Juniper SRX Series Services Gateway chassis cluster avec PIM activé exécutant Junos OS avec des versions antérieures à 12.1X46-D65, 12.3X48-D40, 15.1X49-D60
Juniper Networks	N/A	Juniper NSM3000, NSM4000 et NSMExpress sans le correctif de sécurité NSM Appliance Upgrade Package v3

References

Title

Publication Time

Tags

Bulletin de sécurité les produits Juniper JSA10771 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10774 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10769 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10773 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10772 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10770 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10768 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10770 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10772 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10773 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10774 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10771 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10769 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10768 du 11 janvier 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper QFX3500, QFX3600, QFX5100, QFX5200, EX4300 et EX4600 ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 4.1X53-D40, 15.1X53-D40, 15.1R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 16.1R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Tout produit Juniper avec RIP activ\u00e9 et ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 12.1X46-D50, 12.1X47-D40, 12.3R13, 12.3X48-D30, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D35, 14.1X55-D35, 14.2R5, 15.1F6, 15.1R3, 15.1X49-D30, 15.1X49-D40, 15.1X53-D35, 16.1R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Tout produit Juniper ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 12.1X46-D55, 12.1X47-D45, 12.3R13, 12.3X48-D35, 13.3R10, 14.1R8, 14.1X53-D40, 14.1X55-D35, 14.2R6, 15.1R1, 15.1X49-D20",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Tout produit Juniper avec DHCPv6 activ\u00e9 et ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 11.4R13-S3, 12.1X46-D60, 12.3R12-S2, 12.3R13, 12.3X48-D40, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D12, 14.1X53-D35, 14.1X55-D35, 14.2R7, 15.1F6, 15.1R3, 15.1X49-D60, 15.1X53-D30, 16.1R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRX Series Services Gateway chassis cluster avec PIM activ\u00e9 ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 12.1X46-D65, 12.3X48-D40, 15.1X49-D60",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM3000, NSM4000 et NSMExpress sans le correctif de s\u00e9curit\u00e9 NSM Appliance Upgrade Package v3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2310"
    },
    {
      "name": "CVE-2016-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2017-2304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2304"
    },
    {
      "name": "CVE-2016-6662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
    },
    {
      "name": "CVE-2015-6563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
    },
    {
      "name": "CVE-2015-6564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
    },
    {
      "name": "CVE-2016-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2017-2308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2308"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2017-2303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2303"
    },
    {
      "name": "CVE-2016-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
    },
    {
      "name": "CVE-2016-1907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1907"
    },
    {
      "name": "CVE-2015-6565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6565"
    },
    {
      "name": "CVE-2016-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
    },
    {
      "name": "CVE-2017-2300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2300"
    },
    {
      "name": "CVE-2016-3115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
    },
    {
      "name": "CVE-2017-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2307"
    },
    {
      "name": "CVE-2016-1835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2016-6515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-5387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
    },
    {
      "name": "CVE-2015-5366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5366"
    },
    {
      "name": "CVE-2016-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
    },
    {
      "name": "CVE-2016-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
    },
    {
      "name": "CVE-2015-5364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
    },
    {
      "name": "CVE-2016-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
    },
    {
      "name": "CVE-2015-5352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2016-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
    },
    {
      "name": "CVE-2016-5573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5573"
    },
    {
      "name": "CVE-2015-8325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
    },
    {
      "name": "CVE-2016-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
    },
    {
      "name": "CVE-2016-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"
    },
    {
      "name": "CVE-2017-2302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2302"
    },
    {
      "name": "CVE-2017-2306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2306"
    },
    {
      "name": "CVE-2015-5307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2017-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2305"
    },
    {
      "name": "CVE-2017-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2311"
    },
    {
      "name": "CVE-2017-2309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2309"
    },
    {
      "name": "CVE-2016-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10770 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10770\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10772 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10772\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10773 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10773\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10774 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10774\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10771 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10771\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10769 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10769\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10768 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10768\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ],
  "reference": "CERTFR-2017-AVI-012",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10771 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10774 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10769 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10773 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10772 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10770 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10768 du 11 janvier 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-012

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Juniper QFX3500, QFX3600, QFX5100, QFX5200, EX4300 et EX4600 exécutant Junos OS avec des versions antérieures à 4.1X53-D40, 15.1X53-D40, 15.1R2
Juniper Networks	Junos Space	Junos Space versions antérieures à 16.1R1
Juniper Networks	Junos OS	Tout produit Juniper avec RIP activé et exécutant Junos OS avec des versions antérieures à 12.1X46-D50, 12.1X47-D40, 12.3R13, 12.3X48-D30, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D35, 14.1X55-D35, 14.2R5, 15.1F6, 15.1R3, 15.1X49-D30, 15.1X49-D40, 15.1X53-D35, 16.1R1
Juniper Networks	Junos OS	Tout produit Juniper exécutant Junos OS avec des versions antérieures à 12.1X46-D55, 12.1X47-D45, 12.3R13, 12.3X48-D35, 13.3R10, 14.1R8, 14.1X53-D40, 14.1X55-D35, 14.2R6, 15.1R1, 15.1X49-D20
Juniper Networks	Junos OS	Tout produit Juniper avec DHCPv6 activé et exécutant Junos OS avec des versions antérieures à 11.4R13-S3, 12.1X46-D60, 12.3R12-S2, 12.3R13, 12.3X48-D40, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D12, 14.1X53-D35, 14.1X55-D35, 14.2R7, 15.1F6, 15.1R3, 15.1X49-D60, 15.1X53-D30, 16.1R1
Juniper Networks	Junos OS	Juniper SRX Series Services Gateway chassis cluster avec PIM activé exécutant Junos OS avec des versions antérieures à 12.1X46-D65, 12.3X48-D40, 15.1X49-D60
Juniper Networks	N/A	Juniper NSM3000, NSM4000 et NSMExpress sans le correctif de sécurité NSM Appliance Upgrade Package v3

References

Title

Publication Time

Tags

Bulletin de sécurité les produits Juniper JSA10771 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10774 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10769 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10773 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10772 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10770 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10768 du 11 janvier 2017	None	vendor-advisory
Bulletin de sécurité les produits Juniper JSA10770 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10772 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10773 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10774 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10771 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10769 du 11 janvier 2017	-	other
Bulletin de sécurité les produits Juniper JSA10768 du 11 janvier 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper QFX3500, QFX3600, QFX5100, QFX5200, EX4300 et EX4600 ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 4.1X53-D40, 15.1X53-D40, 15.1R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 16.1R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Tout produit Juniper avec RIP activ\u00e9 et ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 12.1X46-D50, 12.1X47-D40, 12.3R13, 12.3X48-D30, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D35, 14.1X55-D35, 14.2R5, 15.1F6, 15.1R3, 15.1X49-D30, 15.1X49-D40, 15.1X53-D35, 16.1R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Tout produit Juniper ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 12.1X46-D55, 12.1X47-D45, 12.3R13, 12.3X48-D35, 13.3R10, 14.1R8, 14.1X53-D40, 14.1X55-D35, 14.2R6, 15.1R1, 15.1X49-D20",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Tout produit Juniper avec DHCPv6 activ\u00e9 et ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 11.4R13-S3, 12.1X46-D60, 12.3R12-S2, 12.3R13, 12.3X48-D40, 13.2X51-D40, 13.3R10, 14.1R8, 14.1X53-D12, 14.1X53-D35, 14.1X55-D35, 14.2R7, 15.1F6, 15.1R3, 15.1X49-D60, 15.1X53-D30, 16.1R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRX Series Services Gateway chassis cluster avec PIM activ\u00e9 ex\u00e9cutant Junos OS avec des versions ant\u00e9rieures \u00e0 12.1X46-D65, 12.3X48-D40, 15.1X49-D60",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM3000, NSM4000 et NSMExpress sans le correctif de s\u00e9curit\u00e9 NSM Appliance Upgrade Package v3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2310"
    },
    {
      "name": "CVE-2016-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2017-2304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2304"
    },
    {
      "name": "CVE-2016-6662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
    },
    {
      "name": "CVE-2015-6563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
    },
    {
      "name": "CVE-2015-6564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
    },
    {
      "name": "CVE-2016-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2017-2308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2308"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2017-2303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2303"
    },
    {
      "name": "CVE-2016-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
    },
    {
      "name": "CVE-2016-1907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1907"
    },
    {
      "name": "CVE-2015-6565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6565"
    },
    {
      "name": "CVE-2016-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
    },
    {
      "name": "CVE-2017-2300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2300"
    },
    {
      "name": "CVE-2016-3115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
    },
    {
      "name": "CVE-2017-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2307"
    },
    {
      "name": "CVE-2016-1835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2016-6515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-5387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
    },
    {
      "name": "CVE-2015-5366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5366"
    },
    {
      "name": "CVE-2016-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
    },
    {
      "name": "CVE-2016-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
    },
    {
      "name": "CVE-2015-5364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
    },
    {
      "name": "CVE-2016-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
    },
    {
      "name": "CVE-2015-5352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2016-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
    },
    {
      "name": "CVE-2016-5573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5573"
    },
    {
      "name": "CVE-2015-8325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
    },
    {
      "name": "CVE-2016-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
    },
    {
      "name": "CVE-2016-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"
    },
    {
      "name": "CVE-2017-2302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2302"
    },
    {
      "name": "CVE-2017-2306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2306"
    },
    {
      "name": "CVE-2015-5307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2017-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2305"
    },
    {
      "name": "CVE-2017-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2311"
    },
    {
      "name": "CVE-2017-2309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2309"
    },
    {
      "name": "CVE-2016-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10770 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10770\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10772 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10772\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10773 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10773\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10774 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10774\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10771 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10771\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10769 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10769\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10768 du 11    janvier 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10768\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ],
  "reference": "CERTFR-2017-AVI-012",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10771 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10774 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10769 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10773 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10772 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10770 du 11 janvier 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits Juniper JSA10768 du 11 janvier 2017",
      "url": null
    }
  ]
}

GSD-2017-2304

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2304

Aliases

CVE-2017-2304

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2304",
    "description": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027",
    "id": "GSD-2017-2304"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2304"
      ],
      "details": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027",
      "id": "GSD-2017-2304",
      "modified": "2023-12-13T01:21:05.748104Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "ID": "CVE-2017-2304",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "14.1X53 prior to 14.1X53-D40"
                        },
                        {
                          "version_value": "15.1X53 prior to 15.1X53-D40"
                        },
                        {
                          "version_value": "15.1 prior to 15.1R2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Juniper Networks"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "information leak"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1037593",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037593"
          },
          {
            "name": "95403",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95403"
          },
          {
            "name": "https://kb.juniper.net/JSA10773",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/JSA10773"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2304"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10773",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/JSA10773"
            },
            {
              "name": "95403",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95403"
            },
            {
              "name": "1037593",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037593"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-05-10T14:11Z",
      "publishedDate": "2017-05-30T14:29Z"
    }
  }
}

VAR-201705-3368

Vulnerability from variot - Updated: 2023-12-18 13:08

Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'. plural Juniper Networks Run on device Junos OS Contains an information disclosure vulnerability.Information may be obtained. Juniper Networks QFX3500 and other are Juniper Networks' switch products. Information obtained will aid in further attacks. Junos OS 14.1X53-D40, 15.1X53-D40, 15.1R2 and later fixes the issue. Attackers can exploit this vulnerability to obtain Etherleak memory

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3368",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "14.1x53"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "15.1x53"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "15.1"
      },
      {
        "model": "junos os",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks qfx5200",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks qfx5100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks qfx3600",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks qfx3500",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks junos 15.1x53-d35",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1x53-d30",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1x53-d20",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1r1",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1f6",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1f5-s2",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1f5",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1f4-s2",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1f4",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1f3",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1f2-s5",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1f2-s2",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1f2",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1f1",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 15.1a2",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 14.1x53-d35",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 14.1x53-d30.3",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 14.1x53-d30",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 14.1x53-d28",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos 14.1x53-d26",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks ex4600",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks ex4300",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "15.1r1"
      },
      {
        "model": "qfx5200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "qfx5100",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "qfx3600",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "qfx3500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos 15.1x53-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x53-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1x53-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f5-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f2-s5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1f1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1a2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d30.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d28",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d18",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d16",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ex4600",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "ex4300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos 15.1x53-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.1x53-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      },
      {
        "db": "BID",
        "id": "95403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2304"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Networks",
    "sources": [
      {
        "db": "BID",
        "id": "95403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-2304",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-2304",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-00554",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-110507",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-2304",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2304",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-00554",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201701-317",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110507",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027. plural Juniper Networks Run on device Junos OS Contains an information disclosure vulnerability.Information may be obtained. Juniper Networks QFX3500 and other are Juniper Networks\u0027 switch products. Information obtained will aid in further attacks. \nJunos OS 14.1X53-D40, 15.1X53-D40, 15.1R2 and later fixes the issue. Attackers can exploit this vulnerability to obtain Etherleak memory",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      },
      {
        "db": "BID",
        "id": "95403"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110507"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2304",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "95403",
        "trust": 2.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10773",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1037593",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004634",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-317",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00554",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-110507",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110507"
      },
      {
        "db": "BID",
        "id": "95403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ]
  },
  "id": "VAR-201705-3368",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110507"
      }
    ],
    "trust": 1.59849624
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:08:50.436000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10773",
        "trust": 0.8,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10773\u0026actp=metadata"
      },
      {
        "title": "Patches for multiple Juniper product information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/88107"
      },
      {
        "title": "Multiple Juniper Product information disclosure vulnerability repair measures",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66979"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2304"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/95403"
      },
      {
        "trust": 1.7,
        "url": "https://kb.juniper.net/jsa10773"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1037593"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2304"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2304"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10773\u0026actp=rss"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110507"
      },
      {
        "db": "BID",
        "id": "95403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110507"
      },
      {
        "db": "BID",
        "id": "95403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      },
      {
        "date": "2017-05-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110507"
      },
      {
        "date": "2017-01-01T00:00:00",
        "db": "BID",
        "id": "95403"
      },
      {
        "date": "2017-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      },
      {
        "date": "2017-05-30T14:29:00.847000",
        "db": "NVD",
        "id": "CVE-2017-2304"
      },
      {
        "date": "2017-01-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-00554"
      },
      {
        "date": "2019-05-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110507"
      },
      {
        "date": "2017-01-23T02:05:00",
        "db": "BID",
        "id": "95403"
      },
      {
        "date": "2017-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      },
      {
        "date": "2019-05-10T14:11:58.410000",
        "db": "NVD",
        "id": "CVE-2017-2304"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Juniper Networks Run on device  Junos OS Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004634"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-317"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-2304

Vulnerability from fkie_nvd - Published: 2017-05-30 14:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
sirt@juniper.net	http://www.securityfocus.com/bid/95403	Third Party Advisory, VDB Entry
sirt@juniper.net	http://www.securitytracker.com/id/1037593	Third Party Advisory, VDB Entry
sirt@juniper.net	https://kb.juniper.net/JSA10773	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95403	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037593	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/JSA10773	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	junos	15.1x53
juniper	ex4300	-
juniper	ex4600	-
juniper	qfx3500	-
juniper	qfx3600	-
juniper	qfx5100	-
juniper	qfx5200	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*",
              "matchCriteriaId": "6FEF5DD8-B0B2-4ED2-B38F-CE870485AB8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*",
              "matchCriteriaId": "09771B8F-8B2A-4E8B-B4D3-80677697FCF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*",
              "matchCriteriaId": "55E2F909-E1CC-45AA-ABA9-58178B751808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*",
              "matchCriteriaId": "E1AA12C5-4520-4F79-80BE-66112F7AFC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*",
              "matchCriteriaId": "807C8110-5CC2-45F0-B094-BBF9C0B63BDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*",
              "matchCriteriaId": "547E5737-D385-49B9-A69F-A3B185A34116",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*",
              "matchCriteriaId": "2ED257ED-A56B-48A6-8568-65F36FFFC753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*",
              "matchCriteriaId": "74500FC7-EE82-4AA8-9A5F-15DE4835E337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*",
              "matchCriteriaId": "AAE14AE1-6756-4831-A8D5-A6D07DB24AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "285CD1E5-C6D3-470A-8556-653AFF74D0F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:-:*:*:*:*:*:*",
              "matchCriteriaId": "C9511DD0-D910-4C29-B0E3-8F9D0531F09C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*",
              "matchCriteriaId": "1E3B807C-196D-42B8-9042-7582A1366772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*",
              "matchCriteriaId": "83FEEE8F-9279-46F2-BAF9-A60537020C61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*",
              "matchCriteriaId": "1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*",
              "matchCriteriaId": "1F294E43-73FA-4EF3-90F2-EE29C56D6573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*",
              "matchCriteriaId": "EDDE1048-BFEA-4A3E-8270-27C538A68837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*",
              "matchCriteriaId": "CC517CD0-FF35-498F-AD33-683B43CA3829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*",
              "matchCriteriaId": "53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A336BD3-4AB0-4E9E-8AD5-E6413A5A53FC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F4D44B0-E6CE-4380-8712-AC832DBCB424",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027"
    },
    {
      "lang": "es",
      "value": "Los dispositivos QFX3500, QFX3600, QFX5100, QFX5200, EX4300 y EX4600 de Juniper Networks que ejecutan Junos OS 14.1X53 anteriores a 14.1X53-D40, 15.1X53 anteriores a 15.1X53-D40 y 15.1 anteriores a 15.1R2, no rellenan paquetes Ethernet con ceros por lo que algunos paquetes pueden contener fragmentos de memoria del sistema o datos de paquetes anteriores. Este problema tambi\u00e9n es conocido como \"Etherleak\""
    }
  ],
  "id": "CVE-2017-2304",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-30T14:29:00.847",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95403"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037593"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10773"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2WF6-7FFX-GX7R

Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2022-05-14 01:04

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-30T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027",
  "id": "GHSA-2wf6-7ffx-gx7r",
  "modified": "2022-05-14T01:04:30Z",
  "published": "2022-05-14T01:04:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2304"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10773"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95403"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037593"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-00554

Vulnerability from cnvd - Published: 2017-01-18

Title

多款Juniper产品信息泄露漏洞

Description

Juniper Networks QFX3500等都是美国瞻博网络（JuniperNetworks）公司的交换机产品。多款Juniper产品存在信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。

Severity

低

Patch Name

多款Juniper产品信息泄露漏洞的补丁

Patch Description

Juniper Networks QFX3500等都是美国瞻博网络（JuniperNetworks）公司的交换机产品。多款Juniper产品存在信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10773&actp=RSS

Reference

http://www.securityfocus.com/bid/95403

Impacted products

Name
['Juniper Networks QFX5200 0', 'Juniper Networks QFX5100 0', 'Juniper Networks QFX3600 0', 'Juniper Networks QFX3500 0', 'Juniper Networks JUNOS 15.1X53-D35', 'Juniper Networks JUNOS 15.1X53-D30', 'Juniper Networks JUNOS 15.1X53-D20', 'Juniper Networks JUNOS 15.1R1', 'Juniper Networks JUNOS 15.1F6', 'Juniper Networks JUNOS 15.1F5-S2', 'Juniper Networks JUNOS 15.1F5', 'Juniper Networks JUNOS 15.1F4-S2', 'Juniper Networks JUNOS 15.1F4', 'Juniper Networks JUNOS 15.1F3', 'Juniper Networks JUNOS 15.1F2-S5', 'Juniper Networks JUNOS 15.1F2-S2', 'Juniper Networks JUNOS 15.1F2', 'Juniper Networks JUNOS 15.1F1', 'Juniper Networks JUNOS 15.1A2', 'Juniper Networks JUNOS 14.1X53-D35', 'Juniper Networks JUNOS 14.1X53-D30.3', 'Juniper Networks JUNOS 14.1X53-D30', 'Juniper Networks JUNOS 14.1X53-D28', 'Juniper Networks JUNOS 14.1X53-D26', 'Juniper Networks EX4600 0', 'Juniper Networks EX4300 0']

Name

['Juniper Networks QFX5200 0', 'Juniper Networks QFX5100 0', 'Juniper Networks QFX3600 0', 'Juniper Networks QFX3500 0', 'Juniper Networks JUNOS 15.1X53-D35', 'Juniper Networks JUNOS 15.1X53-D30', 'Juniper Networks JUNOS 15.1X53-D20', 'Juniper Networks JUNOS 15.1R1', 'Juniper Networks JUNOS 15.1F6', 'Juniper Networks JUNOS 15.1F5-S2', 'Juniper Networks JUNOS 15.1F5', 'Juniper Networks JUNOS 15.1F4-S2', 'Juniper Networks JUNOS 15.1F4', 'Juniper Networks JUNOS 15.1F3', 'Juniper Networks JUNOS 15.1F2-S5', 'Juniper Networks JUNOS 15.1F2-S2', 'Juniper Networks JUNOS 15.1F2', 'Juniper Networks JUNOS 15.1F1', 'Juniper Networks JUNOS 15.1A2', 'Juniper Networks JUNOS 14.1X53-D35', 'Juniper Networks JUNOS 14.1X53-D30.3', 'Juniper Networks JUNOS 14.1X53-D30', 'Juniper Networks JUNOS 14.1X53-D28', 'Juniper Networks JUNOS 14.1X53-D26', 'Juniper Networks EX4600 0', 'Juniper Networks EX4300 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95403"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2304"
    }
  },
  "description": "Juniper Networks QFX3500\u7b49\u90fd\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08JuniperNetworks\uff09\u516c\u53f8\u7684\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eJuniper\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Juniper Networks",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10773\u0026actp=RSS",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00554",
  "openTime": "2017-01-18",
  "patchDescription": "Juniper Networks QFX3500\u7b49\u90fd\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08JuniperNetworks\uff09\u516c\u53f8\u7684\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eJuniper\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eJuniper\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks QFX5200 0",
      "Juniper Networks QFX5100 0",
      "Juniper Networks QFX3600 0",
      "Juniper Networks QFX3500 0",
      "Juniper Networks JUNOS 15.1X53-D35",
      "Juniper Networks JUNOS 15.1X53-D30",
      "Juniper Networks JUNOS 15.1X53-D20",
      "Juniper Networks JUNOS 15.1R1",
      "Juniper Networks JUNOS 15.1F6",
      "Juniper Networks JUNOS 15.1F5-S2",
      "Juniper Networks JUNOS 15.1F5",
      "Juniper Networks JUNOS 15.1F4-S2",
      "Juniper Networks JUNOS 15.1F4",
      "Juniper Networks JUNOS 15.1F3",
      "Juniper Networks JUNOS 15.1F2-S5",
      "Juniper Networks JUNOS 15.1F2-S2",
      "Juniper Networks JUNOS 15.1F2",
      "Juniper Networks JUNOS 15.1F1",
      "Juniper Networks JUNOS 15.1A2",
      "Juniper Networks JUNOS 14.1X53-D35",
      "Juniper Networks JUNOS 14.1X53-D30.3",
      "Juniper Networks JUNOS 14.1X53-D30",
      "Juniper Networks JUNOS 14.1X53-D28",
      "Juniper Networks JUNOS 14.1X53-D26",
      "Juniper Networks EX4600 0",
      "Juniper Networks EX4300 0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95403",
  "serverity": "\u4f4e",
  "submitTime": "2017-01-16",
  "title": "\u591a\u6b3eJuniper\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2304 (GCVE-0-2017-2304)

CERTFR-2017-AVI-012

Solution

CERTFR-2017-AVI-012

Solution

GSD-2017-2304

VAR-201705-3368

FKIE_CVE-2017-2304

GHSA-2WF6-7FFX-GX7R

CNVD-2017-00554

Tags

Sightings

Nomenclature