CVE-2017-2304

Published May 30, 2017

Last updated 6 years ago

CVSS high 7.5

Overview

Description: Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'
Source: sirt@juniper.net
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FEF5DD8-B0B2-4ED2-B38F-CE870485AB8C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09771B8F-8B2A-4E8B-B4D3-80677697FCF3"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55E2F909-E1CC-45AA-ABA9-58178B751808"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1AA12C5-4520-4F79-80BE-66112F7AFC2A"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "807C8110-5CC2-45F0-B094-BBF9C0B63BDD"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "547E5737-D385-49B9-A69F-A3B185A34116"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ED257ED-A56B-48A6-8568-65F36FFFC753"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74500FC7-EE82-4AA8-9A5F-15DE4835E337"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAE14AE1-6756-4831-A8D5-A6D07DB24AF2"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "285CD1E5-C6D3-470A-8556-653AFF74D0F3"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9511DD0-D910-4C29-B0E3-8F9D0531F09C"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E3B807C-196D-42B8-9042-7582A1366772"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83FEEE8F-9279-46F2-BAF9-A60537020C61"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DD0B95A-7C9F-4A18-9CD8-BA344DEFC9D4"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F294E43-73FA-4EF3-90F2-EE29C56D6573"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDDE1048-BFEA-4A3E-8270-27C538A68837"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC517CD0-FF35-498F-AD33-683B43CA3829"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53F7E1C5-BFA9-426C-9F95-3EA5DB458C7E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168"
          },
          {
            "criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A"
          },
          {
            "criteria": "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9A336BD3-4AB0-4E9E-8AD5-E6413A5A53FC"
          },
          {
            "criteria": "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F4D44B0-E6CE-4380-8712-AC832DBCB424"
          },
          {
            "criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416"
          },
          {
            "criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References