CVE-2017-10618

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

13/10/2017

Last modified:

20/04/2025

Description

When the &#39;bgp-error-tolerance&#39; feature &#xe2;&#x80;" designed to help mitigate remote session resets from malformed path attributes &#xe2;&#x80;" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have &#39;bgp-error-tolerance&#39; configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6, 15.1R6-S2, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R5; 16.2 prior to 16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S2, 17.2R2; 17.2X75 prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.

Impact

Vector 3.x

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.90 MEDIUM
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x

5.90

Severity 3.x

MEDIUM

Vector 2.0

AV:N/AC:M/Au:N/C:N/I:N/A:P CVSS v2.0 Severity and Metrics:

Base Score: 4.30 MEDIUM
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Physical

Base Score 2.0

4.30

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:juniper:junos:13.3:::::::*
cpe:2.3:o:juniper:junos:13.3:r10::::::
cpe:2.3:o:juniper:junos:13.3:r2::::::
cpe:2.3:o:juniper:junos:13.3:r3::::::
cpe:2.3:o:juniper:junos:13.3:r4::::::
cpe:2.3:o:juniper:junos:13.3:r5::::::
cpe:2.3:o:juniper:junos:13.3:r6::::::
cpe:2.3:o:juniper:junos:13.3:r7::::::
cpe:2.3:o:juniper:junos:13.3:r8::::::
cpe:2.3:o:juniper:junos:13.3:r9::::::
cpe:2.3:o:juniper:junos:14.1:::::::*
cpe:2.3:o:juniper:junos:14.1:r1::::::
cpe:2.3:o:juniper:junos:14.1:r2::::::
cpe:2.3:o:juniper:junos:14.1:r3::::::
cpe:2.3:o:juniper:junos:14.1:r4::::::

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:juniper:junos:13.3:::::::*
cpe:2.3:o:juniper:junos:13.3:r10::::::
cpe:2.3:o:juniper:junos:13.3:r2::::::
cpe:2.3:o:juniper:junos:13.3:r3::::::
cpe:2.3:o:juniper:junos:13.3:r4::::::
cpe:2.3:o:juniper:junos:13.3:r5::::::
cpe:2.3:o:juniper:junos:13.3:r6::::::
cpe:2.3:o:juniper:junos:13.3:r7::::::
cpe:2.3:o:juniper:junos:13.3:r8::::::
cpe:2.3:o:juniper:junos:13.3:r9::::::
cpe:2.3:o:juniper:junos:14.1:::::::*
cpe:2.3:o:juniper:junos:14.1:r1::::::
cpe:2.3:o:juniper:junos:14.1:r2::::::
cpe:2.3:o:juniper:junos:14.1:r3::::::
cpe:2.3:o:juniper:junos:14.1:r4::::::

CVE-2017-10618

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools