2017-07-17 15:18:24 2019-10-10 01:26:45

On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way that can result in remote code execution. SNMP is disabled in Junos OS by default. Junos OS devices with SNMP disabled are not affected by this issue. No other Juniper Networks products or platforms are affected by this issue. NOTE: This is a different issue than Cisco CVE-2017-6736, CVE-2017-6737, and CVE-2017-6738. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100, 15.1X49-D110; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2, 16.2R3; 17.1 prior to 17.1R1-S3, 17.1R2, 17.1R3; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. Junos releases prior to 10.2 are not affected.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
Juniper Junos 15.1x53 D34 (not an official CPE) Juniper Junos 15.1x53 D33 (not an official CPE) Juniper Junos 15.1x53 D32 (not an official CPE) Juniper Junos 15.1x53 D30 (not an official CPE) Juniper Junos 15.1x53 D25 (not an official CPE) Juniper Junos 15.1x53 D230 (not an official CPE) Juniper Junos 15.1x53 D210 (not an official CPE) Juniper Junos 15.1x53 D21 (not an official CPE) Juniper Junos 15.1x53 D20 (not an official CPE) Juniper Junos 15.1x53 D10 (not an official CPE) Juniper Junos 15.1x53 (not an official CPE) Juniper Junos 15.1x49 D90 (not an official CPE) Juniper Junos 15.1x49 D80 (not an official CPE) Juniper Junos 15.1x49 D75 (not an official CPE) Juniper Junos 15.1x49 D70 (not an official CPE) Juniper Junos 15.1x49 D65 (not an official CPE) Juniper Junos 15.1x49 D60 (not an official CPE) Juniper Junos 15.1x49 D55 (not an official CPE) Juniper Junos 15.1x49 D50 (not an official CPE) Juniper Junos 15.1x49 D45 (not an official CPE) Juniper Junos 15.1x49 D40 (not an official CPE) Juniper Junos 15.1x49 D35 (not an official CPE) Juniper Junos 15.1x49 D30 (not an official CPE) Juniper Junos 15.1x49 D20 (not an official CPE) Juniper Junos 15.1x49 D110 (not an official CPE) Juniper Junos 15.1x49 D10 (not an official CPE) Juniper Junos 15.1x49 (not an official CPE) Juniper Junos 15.1 R7 (not an official CPE) Juniper Junos 15.1 R6-s1 (not an official CPE) Juniper Junos 15.1 R5-s5 (not an official CPE) Juniper Junos 15.1 R4-s8 (not an official CPE) Juniper Junos 15.1 R4 (not an official CPE) Juniper Junos 15.1 F6-s7 (not an official CPE) Juniper Junos 15.1 F2-s4 (not an official CPE) Juniper Junos 15.1 F2-s3 (not an official CPE) Juniper Junos 15.1 F2-s2 (not an official CPE) Juniper Junos 15.1 F2-s1 (not an official CPE) Juniper Junos 15.1 F2 (not an official CPE) Juniper Junos 15.1 F1 (not an official CPE) Juniper Junos 15.1 (not an official CPE) Juniper Junos 14.2 R8 (not an official CPE) Juniper Junos 14.2 R7-s7 (not an official CPE) Juniper Junos 14.2 R7 (not an official CPE) Juniper Junos 14.2 R6 (not an official CPE) Juniper Junos 14.2 R5 (not an official CPE) Juniper Junos 14.2 R4 Juniper Junos 14.2 R3 Juniper Junos 14.2 R2 Juniper Junos 14.2 R1 Juniper Junos 14.2 (not an official CPE) Juniper Junos 14.1x53 D50 (not an official CPE) Juniper Junos 14.1x53 D44 (not an official CPE) Juniper Junos 14.1x53 D43 (not an official CPE) Juniper Junos 14.1x53 D42 (not an official CPE) Juniper Junos 14.1x53 D40 (not an official CPE) Juniper Junos 14.1x53 D35 (not an official CPE) Juniper Junos 14.1x53 D30 (not an official CPE) Juniper Junos 14.1x53 D27 (not an official CPE) Juniper Junos 14.1x53 D26 (not an official CPE) Juniper Junos 14.1x53 D25 (not an official CPE) Juniper Junos 14.1x53 D16 (not an official CPE) Juniper Junos 14.1x53 D15 (not an official CPE) Juniper Junos 14.1x53 D121 (not an official CPE) Juniper Junos 14.1x53 D10 (not an official CPE) Juniper Junos 14.1x53 (not an official CPE) Juniper Junos 14.1X50 Juniper Junos 14.1 R9 (not an official CPE) Juniper Junos 14.1 R7 (not an official CPE) Juniper Junos 14.1 R6 (not an official CPE) Juniper Junos 14.1 R5 Juniper Junos 14.1 R4 (not an official CPE) Juniper Junos 14.1 R3 Juniper Junos 14.1 R2 Juniper JUNOS 14.1R1 Juniper JUNOS 14.1 Juniper Junos 13.3 R9 (not an official CPE) Juniper Junos 13.3 R8 (not an official CPE) Juniper Junos 13.3 R7 Juniper JUNOS 13.3 R6 Juniper Junos 13.3 R5 Juniper Junos 13.3 R4 Juniper Junos 13.3 R3 Juniper JUNOS 13.3R2-S2 Juniper Junos 13.3 R2 Juniper Junos 13.3 R1 Juniper JUNOS 13.3 Juniper Junos 12.3x48 D55 (not an official CPE) Juniper Junos 12.3x48 D50 (not an official CPE) Juniper Junos 12.3x48 D45 (not an official CPE) Juniper Junos 12.3x48 D40 (not an official CPE) Juniper Junos 12.3x48 D35 (not an official CPE) Juniper Junos 12.3x48 D30 (not an official CPE) Juniper Junos 12.3x48 D25 (not an official CPE) Juniper Junos 12.3x48 D20 (not an official CPE) Juniper Junos 12.3x48 D15 (not an official CPE) Juniper Junos 12.3x48 D10 (not an official CPE) Juniper Junos 12.3x48 (not an official CPE) Juniper Junos 12.1x46 D65 (not an official CPE) Juniper Junos 12.1x46 D60 (not an official CPE) Juniper Junos 12.1x46 D55 (not an official CPE) Juniper Junos 12.1x46 D50 (not an official CPE) Juniper Junos 12.1x46 D45 (not an official CPE) Juniper Junos 12.1x46 D40 (not an official CPE) Juniper Junos 12.1x46 D35 (not an official CPE) Juniper Junos 12.1x46 D30 (not an official CPE) Juniper Junos 12.1x46 D25 Juniper JUNOS 12.1X46-D20 Juniper Junos 12.1x46 D15 Juniper Junos 12.1x46 D10 Juniper JUNOS 12.1X46 Juniper Junos 15.1x53 D47 (not an official CPE) Juniper Junos 15.1x53 D48 (not an official CPE) Juniper Junos 15.1x53 D57 (not an official CPE) Juniper Junos 15.1x53 D60 (not an official CPE) Juniper Junos 15.1x53 D61 (not an official CPE) Juniper Junos 15.1x53 D62 (not an official CPE) Juniper Junos 15.1x53 D63 (not an official CPE) Juniper Junos 15.1x53 D64 (not an official CPE) Juniper Junos 15.1x53 D70 (not an official CPE) Juniper Junos 16.1 (not an official CPE) Juniper Junos 16.1 R1 (not an official CPE) Juniper Junos 16.1 R2 (not an official CPE) Juniper Junos 16.1 R3 (not an official CPE) Juniper Junos 16.1 R4-s3 (not an official CPE) Juniper Junos 16.1 R4-s4 (not an official CPE) Juniper Junos 16.1 R5 (not an official CPE) Juniper Junos 16.2 (not an official CPE) Juniper Junos 16.2 R1 (not an official CPE) Juniper Junos 16.2 R3 (not an official CPE) Juniper Junos 17.1 (not an official CPE) Juniper Junos 17.1 R1 (not an official CPE) Juniper Junos 17.1 R2 (not an official CPE) Juniper Junos 17.1 R3 (not an official CPE) Juniper Junos 17.2 (not an official CPE) Juniper Junos 17.2 R1 (not an official CPE) Juniper Junos 17.2 R2 (not an official CPE) Juniper Junos 17.2x75 (not an official CPE)
Advisory Patch Confirmed Link
1038903
https://kb.juniper.net/JSA10793
99567

Improper Input Validation (ID 20)

Related CAPEC 58 Buffer Overflow via Environment Variables (CAPEC-ID 10) Server Side Include (SSI) Injection (CAPEC-ID 101) Cross Zone Scripting (CAPEC-ID 104) Cross Site Scripting through Log Files (CAPEC-ID 106) Command Line Execution through SQL Injection (CAPEC-ID 108) Object Relational Mapping Injection (CAPEC-ID 109) SQL Injection through SOAP Parameter Tampering (CAPEC-ID 110) Subverting Environment Variable Values (CAPEC-ID 13) Format String Injection (CAPEC-ID 135) LDAP Injection (CAPEC-ID 136) Relative Path Traversal (CAPEC-ID 139) Client-side Injection-induced Buffer Overflow (CAPEC-ID 14) Variable Manipulation (CAPEC-ID 171) Embedding Scripts in Non-Script Elements (CAPEC-ID 18) Flash Injection (CAPEC-ID 182) Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199) Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22) XML Nested Payloads (CAPEC-ID 230) XML Oversized Payloads (CAPEC-ID 231) Filter Failure through Buffer Overflow (CAPEC-ID 24) Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244) XML Injection (CAPEC-ID 250) Environment Variable Manipulation (CAPEC-ID 264) Global variable manipulation (CAPEC-ID 265) Leverage Alternate Encoding (CAPEC-ID 267) Fuzzing (CAPEC-ID 28) Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3) Accessing/Intercepting/Modifying HTTP Cookies (CAPEC-ID 31) Embedding Scripts in HTTP Query Strings (CAPEC-ID 32) MIME Conversion (CAPEC-ID 42) Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43) Buffer Overflow via Symbolic Links (CAPEC-ID 45) Overflow Variables and Tags (CAPEC-ID 46) Buffer Overflow via Parameter Expansion (CAPEC-ID 47) Signature Spoof (CAPEC-ID 473) XML Client-Side Attack (CAPEC-ID 484) Embedding NULL Bytes (CAPEC-ID 52) Postfix, Null Terminate, and Backslash (CAPEC-ID 53) Simple Script Injection (CAPEC-ID 63) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) SQL Injection (CAPEC-ID 66) String Format Overflow in syslog() (CAPEC-ID 67) Blind SQL Injection (CAPEC-ID 7) Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71) URL Encoding (CAPEC-ID 72) User-Controlled Filename (CAPEC-ID 73) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79) Buffer Overflow in an API Call (CAPEC-ID 8) Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80) Web Logs Tampering (CAPEC-ID 81) XPath Injection (CAPEC-ID 83) AJAX Fingerprinting (CAPEC-ID 85) Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86) OS Command Injection (CAPEC-ID 88) Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9) XSS in IMG Tags (CAPEC-ID 91) XML Parser Attack (CAPEC-ID 99)