cnvd - cnvd-2017-00554

cnvd-2017-00554

Vulnerability from cnvd

Title: 多款Juniper产品信息泄露漏洞

Description:

Juniper Networks QFX3500等都是美国瞻博网络（JuniperNetworks）公司的交换机产品。

多款Juniper产品存在信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。

Severity: 低

Patch Name: 多款Juniper产品信息泄露漏洞的补丁

Patch Description:

Juniper Networks QFX3500等都是美国瞻博网络（JuniperNetworks）公司的交换机产品。

多款Juniper产品存在信息泄露漏洞，攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10773&actp=RSS

Reference: http://www.securityfocus.com/bid/95403

Impacted products

Name
['Juniper Networks QFX5200 0', 'Juniper Networks QFX5100 0', 'Juniper Networks QFX3600 0', 'Juniper Networks QFX3500 0', 'Juniper Networks JUNOS 15.1X53-D35', 'Juniper Networks JUNOS 15.1X53-D30', 'Juniper Networks JUNOS 15.1X53-D20', 'Juniper Networks JUNOS 15.1R1', 'Juniper Networks JUNOS 15.1F6', 'Juniper Networks JUNOS 15.1F5-S2', 'Juniper Networks JUNOS 15.1F5', 'Juniper Networks JUNOS 15.1F4-S2', 'Juniper Networks JUNOS 15.1F4', 'Juniper Networks JUNOS 15.1F3', 'Juniper Networks JUNOS 15.1F2-S5', 'Juniper Networks JUNOS 15.1F2-S2', 'Juniper Networks JUNOS 15.1F2', 'Juniper Networks JUNOS 15.1F1', 'Juniper Networks JUNOS 15.1A2', 'Juniper Networks JUNOS 14.1X53-D35', 'Juniper Networks JUNOS 14.1X53-D30.3', 'Juniper Networks JUNOS 14.1X53-D30', 'Juniper Networks JUNOS 14.1X53-D28', 'Juniper Networks JUNOS 14.1X53-D26', 'Juniper Networks EX4600 0', 'Juniper Networks EX4300 0']

Name

['Juniper Networks QFX5200 0', 'Juniper Networks QFX5100 0', 'Juniper Networks QFX3600 0', 'Juniper Networks QFX3500 0', 'Juniper Networks JUNOS 15.1X53-D35', 'Juniper Networks JUNOS 15.1X53-D30', 'Juniper Networks JUNOS 15.1X53-D20', 'Juniper Networks JUNOS 15.1R1', 'Juniper Networks JUNOS 15.1F6', 'Juniper Networks JUNOS 15.1F5-S2', 'Juniper Networks JUNOS 15.1F5', 'Juniper Networks JUNOS 15.1F4-S2', 'Juniper Networks JUNOS 15.1F4', 'Juniper Networks JUNOS 15.1F3', 'Juniper Networks JUNOS 15.1F2-S5', 'Juniper Networks JUNOS 15.1F2-S2', 'Juniper Networks JUNOS 15.1F2', 'Juniper Networks JUNOS 15.1F1', 'Juniper Networks JUNOS 15.1A2', 'Juniper Networks JUNOS 14.1X53-D35', 'Juniper Networks JUNOS 14.1X53-D30.3', 'Juniper Networks JUNOS 14.1X53-D30', 'Juniper Networks JUNOS 14.1X53-D28', 'Juniper Networks JUNOS 14.1X53-D26', 'Juniper Networks EX4600 0', 'Juniper Networks EX4300 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95403"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2304"
    }
  },
  "description": "Juniper Networks QFX3500\u7b49\u90fd\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08JuniperNetworks\uff09\u516c\u53f8\u7684\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eJuniper\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Juniper Networks",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10773\u0026actp=RSS",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00554",
  "openTime": "2017-01-18",
  "patchDescription": "Juniper Networks QFX3500\u7b49\u90fd\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08JuniperNetworks\uff09\u516c\u53f8\u7684\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eJuniper\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eJuniper\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks QFX5200 0",
      "Juniper Networks QFX5100 0",
      "Juniper Networks QFX3600 0",
      "Juniper Networks QFX3500 0",
      "Juniper Networks JUNOS 15.1X53-D35",
      "Juniper Networks JUNOS 15.1X53-D30",
      "Juniper Networks JUNOS 15.1X53-D20",
      "Juniper Networks JUNOS 15.1R1",
      "Juniper Networks JUNOS 15.1F6",
      "Juniper Networks JUNOS 15.1F5-S2",
      "Juniper Networks JUNOS 15.1F5",
      "Juniper Networks JUNOS 15.1F4-S2",
      "Juniper Networks JUNOS 15.1F4",
      "Juniper Networks JUNOS 15.1F3",
      "Juniper Networks JUNOS 15.1F2-S5",
      "Juniper Networks JUNOS 15.1F2-S2",
      "Juniper Networks JUNOS 15.1F2",
      "Juniper Networks JUNOS 15.1F1",
      "Juniper Networks JUNOS 15.1A2",
      "Juniper Networks JUNOS 14.1X53-D35",
      "Juniper Networks JUNOS 14.1X53-D30.3",
      "Juniper Networks JUNOS 14.1X53-D30",
      "Juniper Networks JUNOS 14.1X53-D28",
      "Juniper Networks JUNOS 14.1X53-D26",
      "Juniper Networks EX4600 0",
      "Juniper Networks EX4300 0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95403",
  "serverity": "\u4f4e",
  "submitTime": "2017-01-16",
  "title": "\u591a\u6b3eJuniper\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-2304 (GCVE-0-2017-2304)

Vulnerability from cvelistv5

Published

2017-05-30 14:00

Modified

2024-08-05 13:48

Severity ?

CWE

information leak

Summary

Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'

References

▼	URL	Tags
	http://www.securitytracker.com/id/1037593	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/95403	vdb-entry, x_refsource_BID
	https://kb.juniper.net/JSA10773	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices	Version: 14.1X53 prior to 14.1X53-D40 Version: 15.1X53 prior to 15.1X53-D40 Version: 15.1 prior to 15.1R2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037593",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037593"
          },
          {
            "name": "95403",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95403"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10773"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "14.1X53 prior to 14.1X53-D40"
            },
            {
              "status": "affected",
              "version": "15.1X53 prior to 15.1X53-D40"
            },
            {
              "status": "affected",
              "version": "15.1 prior to 15.1R2"
            }
          ]
        }
      ],
      "datePublic": "2017-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-26T09:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "name": "1037593",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037593"
        },
        {
          "name": "95403",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95403"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10773"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2304",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "14.1X53 prior to 14.1X53-D40"
                          },
                          {
                            "version_value": "15.1X53 prior to 15.1X53-D40"
                          },
                          {
                            "version_value": "15.1 prior to 15.1R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037593",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037593"
            },
            {
              "name": "95403",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95403"
            },
            {
              "name": "https://kb.juniper.net/JSA10773",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10773"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2304",
    "datePublished": "2017-05-30T14:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted