Home

CVE-2017-10618

Description

When the bgp-error-tolerance feature designed to help mitigate remote session resets from malformed path attributes †is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have bgp-error-tolerance configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6, 15.1R6-S2, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R5; 16.2 prior to 16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S2, 17.2R2; 17.2X75 prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.

Risk Information

Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.295

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-10618,CVE-2017-2344,CVE-2017-2345 are fixed in junos 13.3r10-s2NCM
Vulnerabilities CVE-2017-10613,CVE-2017-10615,CVE-2017-10618,CVE-2018-0004 are fixed in junos 14.1r8-s4NCM
Vulnerabilities CVE-2017-10618,CVE-2018-0001,CVE-2018-0003 are fixed in junos 14.2r7-s7NCM
Vulnerabilities CVE-2017-10611,CVE-2017-10618,CVE-2018-0001,CVE-2018-0003 are fixed in junos 15.1f5-s8NCM
Vulnerabilities CVE-2017-10618,CVE-2017-2344,CVE-2017-2345 are fixed in junos 16.1r3-s4NCM
Vulnerabilities CVE-2017-10618 are fixed in junos 16.2r1-s5NCM
Vulnerabilities CVE-2017-10618,CVE-2017-2344,CVE-2017-2345 are fixed in junos 17.1r1-s3NCM
Vulnerabilities CVE-2017-10618 are fixed in junos 17.2r1-s2NCM
CVE-2017-10618NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234