CVE-2017-2303
high-risk
Published 2017-05-30
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition.
Do I need to act?
-
0.81% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/95408
Third Party Advisory
http://www.securitytracker.com/id/1037594
Vendor Advisory
https://kb.juniper.net/JSA10772
Third Party Advisory
http://www.securityfocus.com/bid/95408
Third Party Advisory
http://www.securitytracker.com/id/1037594
Vendor Advisory
https://kb.juniper.net/JSA10772
59
/ 100
high-risk
Severity
26/34 · High
Exploitability
3/34 · Minimal
Exposure
30/34 · Critical