CVE-2017-10618

When the 'bgp-error-tolerance' feature â" designed to help mitigate remote session resets from malformed path attributes â" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have 'bgp-error-tolerance' configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6, 15.1R6-S2, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R5; 16.2 prior to 16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S2, 17.2R2; 17.2X75 prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://kb.juniper.net/JSA10820	Mitigation Vendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/concept/bgp-error-handling-overview.html	Vendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/bgp-error-tolerance.html	Vendor Advisory
https://kb.juniper.net/JSA10820	Mitigation Vendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/concept/bgp-error-handling-overview.html	Vendor Advisory
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/bgp-error-tolerance.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:13.3:::::::*
	cpe:2.3:o:juniper:junos:13.3:r10::::::
	cpe:2.3:o:juniper:junos:13.3:r2::::::
	cpe:2.3:o:juniper:junos:13.3:r3::::::
	cpe:2.3:o:juniper:junos:13.3:r4::::::
	cpe:2.3:o:juniper:junos:13.3:r5::::::
	cpe:2.3:o:juniper:junos:13.3:r6::::::
	cpe:2.3:o:juniper:junos:13.3:r7::::::
	cpe:2.3:o:juniper:junos:13.3:r8::::::
	cpe:2.3:o:juniper:junos:13.3:r9::::::

Configuration 2 (hide)

OR	cpe:2.3:o:juniper:junos:14.1:::::::*
	cpe:2.3:o:juniper:junos:14.1:r1::::::
	cpe:2.3:o:juniper:junos:14.1:r2::::::
	cpe:2.3:o:juniper:junos:14.1:r3::::::
	cpe:2.3:o:juniper:junos:14.1:r4::::::
	cpe:2.3:o:juniper:junos:14.1:r5::::::
	cpe:2.3:o:juniper:junos:14.1:r6::::::
	cpe:2.3:o:juniper:junos:14.1:r7::::::
	cpe:2.3:o:juniper:junos:14.1:r8::::::
	cpe:2.3:o:juniper:junos:14.1:r9::::::

Configuration 3 (hide)

OR	cpe:2.3:o:juniper:junos:14.1x50:::::::*
	cpe:2.3:o:juniper:junos:14.1x50:d60::::::

Configuration 4 (hide)

OR	cpe:2.3:o:juniper:junos:14.1x53:::::::*
	cpe:2.3:o:juniper:junos:14.1x53:d10::::::
	cpe:2.3:o:juniper:junos:14.1x53:d15::::::
	cpe:2.3:o:juniper:junos:14.1x53:d16::::::
	cpe:2.3:o:juniper:junos:14.1x53:d25::::::
	cpe:2.3:o:juniper:junos:14.1x53:d26::::::
	cpe:2.3:o:juniper:junos:14.1x53:d27::::::
	cpe:2.3:o:juniper:junos:14.1x53:d30::::::
	cpe:2.3:o:juniper:junos:14.1x53:d35::::::
	cpe:2.3:o:juniper:junos:14.1x53:d40::::::
	cpe:2.3:o:juniper:junos:14.1x53:d42::::::
	cpe:2.3:o:juniper:junos:14.1x53:d43::::::
	cpe:2.3:o:juniper:junos:14.1x53:d44::::::
	cpe:2.3:o:juniper:junos:14.1x53:d50::::::

Configuration 5 (hide)

OR	cpe:2.3:o:juniper:junos:14.2:::::::*
	cpe:2.3:o:juniper:junos:14.2:r1::::::
	cpe:2.3:o:juniper:junos:14.2:r2::::::
	cpe:2.3:o:juniper:junos:14.2:r3::::::
	cpe:2.3:o:juniper:junos:14.2:r4::::::
	cpe:2.3:o:juniper:junos:14.2:r5::::::
	cpe:2.3:o:juniper:junos:14.2:r6::::::
	cpe:2.3:o:juniper:junos:14.2:r7::::::
	cpe:2.3:o:juniper:junos:14.2:r8::::::

Configuration 6 (hide)

OR	cpe:2.3:o:juniper:junos:15.1:::::::*
	cpe:2.3:o:juniper:junos:15.1:f1::::::
	cpe:2.3:o:juniper:junos:15.1:f2::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s1::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s2::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s3::::::
	cpe:2.3:o:juniper:junos:15.1:f2-s4::::::
	cpe:2.3:o:juniper:junos:15.1:f3::::::
	cpe:2.3:o:juniper:junos:15.1:f4::::::
	cpe:2.3:o:juniper:junos:15.1:f5::::::
	cpe:2.3:o:juniper:junos:15.1:f6-s7::::::
	cpe:2.3:o:juniper:junos:15.1:r1::::::
	cpe:2.3:o:juniper:junos:15.1:r2::::::
	cpe:2.3:o:juniper:junos:15.1:r3::::::
	cpe:2.3:o:juniper:junos:15.1:r4::::::
	cpe:2.3:o:juniper:junos:15.1:r5::::::
	cpe:2.3:o:juniper:junos:15.1:r5-s6::::::
	cpe:2.3:o:juniper:junos:15.1:r6-s2::::::
	cpe:2.3:o:juniper:junos:15.1:r7::::::

Configuration 7 (hide)

OR	cpe:2.3:o:juniper:junos:15.1x49:::::::*
	cpe:2.3:o:juniper:junos:15.1x49:d10::::::
	cpe:2.3:o:juniper:junos:15.1x49:d20::::::
	cpe:2.3:o:juniper:junos:15.1x49:d30::::::
	cpe:2.3:o:juniper:junos:15.1x49:d35::::::
	cpe:2.3:o:juniper:junos:15.1x49:d40::::::
	cpe:2.3:o:juniper:junos:15.1x49:d45::::::
	cpe:2.3:o:juniper:junos:15.1x49:d50::::::
	cpe:2.3:o:juniper:junos:15.1x49:d55::::::
	cpe:2.3:o:juniper:junos:15.1x49:d60::::::
	cpe:2.3:o:juniper:junos:15.1x49:d65::::::
	cpe:2.3:o:juniper:junos:15.1x49:d70::::::
	cpe:2.3:o:juniper:junos:15.1x49:d75::::::
	cpe:2.3:o:juniper:junos:15.1x49:d80::::::
	cpe:2.3:o:juniper:junos:15.1x49:d90::::::

Configuration 8 (hide)

OR	cpe:2.3:o:juniper:junos:15.1x53:::::::*
	cpe:2.3:o:juniper:junos:15.1x53:d10::::::
	cpe:2.3:o:juniper:junos:15.1x53:d20::::::
	cpe:2.3:o:juniper:junos:15.1x53:d21::::::
	cpe:2.3:o:juniper:junos:15.1x53:d25::::::
	cpe:2.3:o:juniper:junos:15.1x53:d30::::::
	cpe:2.3:o:juniper:junos:15.1x53:d32::::::
	cpe:2.3:o:juniper:junos:15.1x53:d33::::::
	cpe:2.3:o:juniper:junos:15.1x53:d34::::::
	cpe:2.3:o:juniper:junos:15.1x53:d50::::::
	cpe:2.3:o:juniper:junos:15.1x53:d51::::::
	cpe:2.3:o:juniper:junos:15.1x53:d52::::::
	cpe:2.3:o:juniper:junos:15.1x53:d55::::::
	cpe:2.3:o:juniper:junos:15.1x53:d57::::::
	cpe:2.3:o:juniper:junos:15.1x53:d60::::::
	cpe:2.3:o:juniper:junos:15.1x53:d61::::::
	cpe:2.3:o:juniper:junos:15.1x53:d62::::::
	cpe:2.3:o:juniper:junos:15.1x53:d63::::::
	cpe:2.3:o:juniper:junos:15.1x53:d70::::::

Configuration 9 (hide)

OR	cpe:2.3:o:juniper:junos:16.1:::::::*
	cpe:2.3:o:juniper:junos:16.1:r1::::::
	cpe:2.3:o:juniper:junos:16.1:r2::::::
	cpe:2.3:o:juniper:junos:16.1:r3::::::
	cpe:2.3:o:juniper:junos:16.1:r4-s3::::::
	cpe:2.3:o:juniper:junos:16.1:r5::::::

Configuration 10 (hide)

OR	cpe:2.3:o:juniper:junos:16.2:::::::*
	cpe:2.3:o:juniper:junos:16.2:r1::::::
	cpe:2.3:o:juniper:junos:16.2:r2::::::

Configuration 11 (hide)

OR	cpe:2.3:o:juniper:junos:17.1:::::::*
	cpe:2.3:o:juniper:junos:17.1:r1::::::
	cpe:2.3:o:juniper:junos:17.1:r2::::::

Configuration 12 (hide)

OR	cpe:2.3:o:juniper:junos:17.2:::::::*
	cpe:2.3:o:juniper:junos:17.2:r1::::::
	cpe:2.3:o:juniper:junos:17.2:r2::::::

Configuration 13 (hide)

cpe:2.3:o:juniper:junos:17.2x75:*:*:*:*:*:*:*

History

21 Nov 2024, 03:06

Type	Values Removed	Values Added
References	~~() https://kb.juniper.net/JSA10820 - Mitigation, Vendor Advisory~~	() https://kb.juniper.net/JSA10820 - Mitigation, Vendor Advisory
References	~~() https://www.juniper.net/documentation/en_US/junos/topics/concept/bgp-error-handling-overview.html - Vendor Advisory~~	() https://www.juniper.net/documentation/en_US/junos/topics/concept/bgp-error-handling-overview.html - Vendor Advisory
References	~~() https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/bgp-error-tolerance.html - Vendor Advisory~~	() https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/bgp-error-tolerance.html - Vendor Advisory

Information

Published : 2017-10-13 17:29

Updated : 2024-11-21 03:06

NVD link : CVE-2017-10618

Mitre link : CVE-2017-10618

CVE.ORG link : CVE-2017-10618

JSON object : View

Products Affected

juniper

junos

CWE

NVD-CWE-noinfo

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2017-10618

5.9^/10

4.3^/10

Attach tags to `CVE-2017-10618`