PT-2016-1748 · Juniper Networks · Junos

Published

2016-04-15

·

Updated

2016-04-20

·

CVE-2016-1270

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 12.1X44-D60 Junos OS versions 12.1X46 prior to 12.1X46-D45 Junos OS versions 12.1X47 prior to 12.1X47-D30 Junos OS versions 12.3 prior to 12.3R9 Junos OS versions 12.3X48 prior to 12.3X48-D20 Junos OS versions 13.2 prior to 13.2R7 Junos OS versions 13.2X51 prior to 13.2X51-D40 Junos OS versions 13.3 prior to 13.3R6 Junos OS versions 14.1 prior to 14.1R4 Junos OS versions 14.2 prior to 14.2R2
Description The issue is related to the rpd daemon in Junos OS and its handling of data. It allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update, specifically when configured with BGP-based L2VPN or VPLS.
Recommendations For Junos OS versions prior to 12.1X44-D60, update to version 12.1X44-D60 or later. For Junos OS versions 12.1X46 prior to 12.1X46-D45, update to version 12.1X46-D45 or later. For Junos OS versions 12.1X47 prior to 12.1X47-D30, update to version 12.1X47-D30 or later. For Junos OS versions 12.3 prior to 12.3R9, update to version 12.3R9 or later. For Junos OS versions 12.3X48 prior to 12.3X48-D20, update to version 12.3X48-D20 or later. For Junos OS versions 13.2 prior to 13.2R7, update to version 13.2R7 or later. For Junos OS versions 13.2X51 prior to 13.2X51-D40, update to version 13.2X51-D40 or later. For Junos OS versions 13.3 prior to 13.3R6, update to version 13.3R6 or later. For Junos OS versions 14.1 prior to 14.1R4, update to version 14.1R4 or later. For Junos OS versions 14.2 prior to 14.2R2, update to version 14.2R2 or later.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

BDU:2016-01074
CVE-2016-1270

Affected Products

Junos