PT-2015-2444 · Juniper Networks · Junos

Published

2015-10-19

Updated

2017-10-06

CVE-2015-7748

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Juniper chassis with Trio (Trinity) chipset line cards and Junos OS versions prior to 13.3R8 Juniper chassis with Trio (Trinity) chipset line cards and Junos OS versions prior to 14.1R6 Juniper chassis with Trio (Trinity) chipset line cards and Junos OS versions prior to 14.2R5 Juniper chassis with Trio (Trinity) chipset line cards and Junos OS versions prior to 15.1R2

Description The issue allows remote attackers to cause a denial of service, resulting in an MPC line card crash, via a crafted uBFD packet. This is due to insufficient input validation in the Junos OS.

Recommendations For versions prior to 13.3R8, update to 13.3R8 or later to resolve the issue. For versions prior to 14.1R6, update to 14.1R6 or later to resolve the issue. For versions prior to 14.2R5, update to 14.2R5 or later to resolve the issue. For versions prior to 15.1R2, update to 15.1R2 or later to resolve the issue.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-11809

CVE-2015-7748

Affected Products

Junos

PT-2015-2444 · Juniper Networks · Junos

CVE-2015-7748

Weakness Enumeration

Related Identifiers

Affected Products

References · 6