CVE-2017-2330

24.04.2017, 15:59

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves, until all resources are consumed on the system, leading to a denial of service to the entire system until it is restarted. Continued attacks by an unauthenticated, local user, can lead to persistent denials of services.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Vendor	Product	Version
juniper	northstar_controller	𝑥 ≤ 2.1.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-834 - Excessive Iteration
The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

References

http://www.securityfocus.com/bid/97618

https://kb.juniper.net/JSA10783

http://www.securityfocus.com/bid/97618

https://kb.juniper.net/JSA10783