CVE Vulnerabilities

CVE-2017-10618

Published: Oct 13, 2017 | Modified: Oct 09, 2019
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

When the bgp-error-tolerance feature †designed to help mitigate remote session resets from malformed path attributes †is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have bgp-error-tolerance configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6, 15.1R6-S2, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R5; 16.2 prior to 16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S2, 17.2R2; 17.2X75 prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.

Affected Software

Name Vendor Start Version End Version
Junos Juniper 13.3 (including) 13.3 (including)
Junos Juniper 13.3-r10 (including) 13.3-r10 (including)
Junos Juniper 13.3-r2 (including) 13.3-r2 (including)
Junos Juniper 13.3-r3 (including) 13.3-r3 (including)
Junos Juniper 13.3-r4 (including) 13.3-r4 (including)
Junos Juniper 13.3-r5 (including) 13.3-r5 (including)
Junos Juniper 13.3-r6 (including) 13.3-r6 (including)
Junos Juniper 13.3-r7 (including) 13.3-r7 (including)
Junos Juniper 13.3-r8 (including) 13.3-r8 (including)
Junos Juniper 13.3-r9 (including) 13.3-r9 (including)

References