CVE-2017-10621

Summary

A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D50; 14.1 prior to 14.1R8-S5, 14.1R9; 14.1X53 prior to 14.1X53-D50; 14.2 prior to 14.2R7-S9, 14.2R8; 15.1 prior to 15.1F2-S16, 15.1F5-S7, 15.1F6-S6, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D90; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R4-S1, 16.1R5; 16.2 prior to 16.2R1-S3, 16.2R2;

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS12.1X46 prior to 12.1X46-D71affected
Juniper NetworksJunos OS12.3X48 prior to 12.3X48-D50affected
Juniper NetworksJunos OS14.1 prior to 14.1R8-S5, 14.1R9affected
Juniper NetworksJunos OS14.1X53 prior to 14.1X53-D50affected
Juniper NetworksJunos OS14.2 prior to 14.2R7-S9, 14.2R8affected
Juniper NetworksJunos OS15.1 prior to 15.1F2-S16, 15.1F5-S7, 15.1F6-S6, 15.1R5-S2, 15.1R6affected
Juniper NetworksJunos OS15.1X49 prior to 15.1X49-D90affected
Juniper NetworksJunos OS15.1X53 prior to 15.1X53-D47affected
Juniper NetworksJunos OS16.1 prior to 16.1R4-S1, 16.1R5affected
Juniper NetworksJunos OS16.2 prior to 16.2R1-S3, 16.2R2affected

Weaknesses

  • denial of service

Workarounds

Disabling the telnet service would completely mitigate this issue.

Reducing the maximum number of connections to a value between 1 and 250 would help mitigate this vulnerability. For example: user@junos# set system services telnet connection-limit 100 It is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts.

ADP Enrichment

CVE Program Container

Additional References

References