CVE-2017-2304 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Juniper	Junos	14.1x53
Juniper	Ex4300	-
Juniper	Ex4600	-
Juniper	Qfx3500	-
Juniper	Qfx3600	-
Juniper	Qfx5100	-
Juniper	Qfx5200	-

Related Weaknesses (CWE)

CWE-200

References

http://www.securityfocus.com/bid/95403Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037593Third Party AdvisoryVDB Entry
https://kb.juniper.net/JSA10773Vendor Advisory
http://www.securityfocus.com/bid/95403Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037593Third Party AdvisoryVDB Entry
https://kb.juniper.net/JSA10773Vendor Advisory

FAQ

What is CVE-2017-2304?

CVE-2017-2304 is a vulnerability with a CVSS score of 7.5 (HIGH). Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet pa...

How severe is CVE-2017-2304?

CVE-2017-2304 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2304?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex4300, Juniper Ex4600, Juniper Qfx3500, Juniper Qfx3600.