CVE-2017-2315

Summary

On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS on EX series Ethernet Switches with IPv6 enabled12.3 prior to 12.3R12-S4, 12.3R13affected
Juniper NetworksJunos OS on EX series Ethernet Switches with IPv6 enabled13.3 prior to 13.3R10affected
Juniper NetworksJunos OS on EX series Ethernet Switches with IPv6 enabled14.1 prior to 14.1R8-S3, 14.1R9affected
Juniper NetworksJunos OS on EX series Ethernet Switches with IPv6 enabled14.1X53 prior ro 14.1X53-D12, 14.1X53-D40affected
Juniper NetworksJunos OS on EX series Ethernet Switches with IPv6 enabled14.1X55 prior to 14.1X55-D35affected
Juniper NetworksJunos OS on EX series Ethernet Switches with IPv6 enabled14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8affected
Juniper NetworksJunos OS on EX series Ethernet Switches with IPv6 enabled15.1 prior to 15.1R5affected
Juniper NetworksJunos OS on EX series Ethernet Switches with IPv6 enabled16.1 before 16.1R3affected
Juniper NetworksJunos OS on EX series Ethernet Switches with IPv6 enabled16.2 before 16.2R1-S3, 16.2R2affected
Juniper NetworksJunos OS on EX series Ethernet Switches with IPv6 enabled17.1R1 and all subsequent releases have a resolution for this vulnerabilityaffected

Weaknesses

  • denial of service vulnerability due to memory leak

ADP Enrichment

CVE Program Container

Additional References

References