CVE-2016-1257

15.01.2016, 19:59

The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 before 13.3R8, 13.3R7 before 13.3R7-S3, 14.1R1 before 14.1R6, 14.1R3 before 14.1R3-S9, 14.1R4 before 14.1R4-S7, 14.1X51 before 14.1X51-D65, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D28, 14.1X53 before 4.1X53-D35, 14.2R1 before 14.2R5, 14.2R3 before 14.2R3-S4, 14.2R4 before 14.2R4-S1, 15.1 before 15.1R3, 15.1F2 before 15.1F2-S2, and 15.1X49 before 15.1X49-D40, when LDP is enabled, allows remote attackers to cause a denial of service (RPD routing process crash) via a crafted LDP packet.

Severity

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Atk. Vector

NETWORK

Atk. Complexity

HIGH

Priv. Required

NONE

Base Score

CVSS 3.x

EPSS Score

Percentile: 58%

Vendor	Product	Version
juniper	junos	13.2
juniper	junos	13.2
juniper	junos	13.2
juniper	junos	13.2
juniper	junos	13.2
juniper	junos	13.3
juniper	junos	13.3
juniper	junos	13.3
juniper	junos	13.3
juniper	junos	13.3
juniper	junos	13.3
juniper	junos	13.3
juniper	junos	14.1
juniper	junos	14.1
juniper	junos	14.1
juniper	junos	14.1
juniper	junos	14.1
juniper	junos	14.1x51
juniper	junos	14.1x51
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.1x53
juniper	junos	14.2
juniper	junos	14.2
juniper	junos	14.2
juniper	junos	14.2
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1
juniper	junos	15.1x49
juniper	junos	15.1x49

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10715

http://www.securitytracker.com/id/1035117

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10715

http://www.securitytracker.com/id/1035117