Improper input validation in Juniper Junos OS and Juniper Junos Space - CVE-2017-2345

Vulnerability identifier: #VU7510

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-2345

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Juniper Networks, Inc.

Affected software:
Juniper Junos OS
Juniper Junos Space

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.

The weakness exists due to insufficient validation of user-supplied data. A remote attacker can send a specially crafted SNMP packet to the target routing engine, cause the snmpd daemon to crash or execute arbitrary code on the system.

Successful exploitation of the vulnerability may result in system compromise.

The vulnerability is addressed in the following versions:
12.1X46-D67, 12.3X48-D51, 12.3X48-D55, 13.3R10-S2, 14.1R2-S10, 14.1R8-S4, 14.1R9, 14.1X53-D122, 14.1X53-D44, 14.1X53-D50, 14.2R7-S7, 14.2R8, 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7, 15.1X49-D100, 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70, 16.1R3-S4, 16.1R4-S3, 16.1R5, 16.2R2, 17.1R1-S3, 17.1R2, 17.2R1-S1, 17.2R2, 17.3R1.

• https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10793