Home

CVE-2017-2302

Description

On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with send option or with both send and receive options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.808

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-10608,CVE-2017-10613,CVE-2017-2302 are fixed in junos 12.1x46-d55NCM
Vulnerabilities CVE-2016-4922,CVE-2017-2302 are fixed in junos 12.1x47-d45NCM
Vulnerabilities CVE-2017-2302,CVE-2017-2303,CVE-2017-2314,CVE-2017-2315 are fixed in junos 12.3r12-s4NCM
Multiple Vulnerabilities are fixed in junos 12.3x48-d35NCM
Vulnerabilities CVE-2017-2302,CVE-2017-2341,CVE-2018-0005,CVE-2018-0060 are fixed in junos 14.1x53-d40NCM
Vulnerabilities CVE-2017-2302,CVE-2017-2303,CVE-2017-2346 are fixed in junos 14.1x55-d35NCM
Multiple Vulnerabilities are fixed in junos 15.1r1NCM
Multiple Vulnerabilities are fixed in junos 15.1x49-d20NCM
CVE-2017-2302NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1
PATCH-1704488Security Update for junos 9.2r1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234