CVE漏洞中文网

0DayBank一个专门收集整理全球互联网漏洞的公开发布网站
  1. 首页
  2. CVE
  3. 正文

CVE-2017-2347 Juniper JUNOS Denial of Service (rpd daemon) Vulnerability (JSA10795)

2017年8月19日 831点热度 0人点赞 0条评论

漏洞类别:Hardware

漏洞等级:

漏洞信息

Juniper JUNOS is the network operating system used in Juniper Networks hardware systems.

A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon. Repeated crashes of the rpd daemon can result in an extended denial of service condition for the device.

Affected Version
Junos OS 12.3X48 prior to 12.3X48-D50, 12.3X48-D55; 13.3 prior to 13.3R10; 14.1 prior to 14.1R4-S13, 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D42, 14.1X53-D50; 14.2 prior to 14.2R4-S8, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F5-S7, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5-S1, 15.1R6; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D105, 15.1X53-D47, 15.1X53-D62, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4.

漏洞危害

On successful exploitation it allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured.

解决方案

Solution is not available for all versions.
The following software releases have been updated to resolve this specific issue: 12.3X48-D50, 12.3X48-D55, 13.3R10, 14.1R4-S13, 14.1R8-S3, 14.1R9, 14.1X53-D42, 14.1X53-D50, 14.2R4-S8, 14.2R7-S6, 14.2R8, 15.1F2-S14, 15.1F5-S7, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5-S1, 15.1R6, 15.1X49-D100, 15.1X53-D105, 15.1X53-D47, 15.1X53-D62, 15.1X53-D70, 16.1R3-S3, 16.1R4, 16.2R1, 17.1R1, and all subsequent releases.

Workaround:
There are no viable workarounds for this issue.
It is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the router only from trusted, administrative networks or hosts.

0daybank

标签: 暂无
最后更新:2017年8月19日

小助手

这个人很懒,什么都没留下

点赞
< 上一篇
下一篇 >

文章评论

您需要 登录 之后才可以评论

COPYRIGHT © 2024 www.pdr.cn CVE漏洞中文网. ALL RIGHTS RESERVED.

鲁ICP备2022031030号

联系邮箱:wpbgssyubnmsxxxkkk@proton.me