CVE-2016-1277
Last modified
CVE-2016-1277 is a vulnerability of currently unknown severity. Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, and 15.1X49 before 15.1X49-D40, when configured with a GRE or IPIP tunnel, allow remote attackers to cause a denial of service (kernel panic) via a crafted ICMP packet.. EPSS estimates a 1.66% chance of exploitation in the next 30 days.
Description
Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, and 15.1X49 before 15.1X49-D40, when configured with a GRE or IPIP tunnel, allow remote attackers to cause a denial of service (kernel panic) via a crafted ICMP packet.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Juniper | Junos | <= 12.1x46 | D45 |
| Juniper | Junos | 12.1x47 | — |
| Juniper | Junos | 12.3x48 | D10 |
| Juniper | Junos | 13.3 | — |
| Juniper | Junos | 14.1 | — |
| Juniper | Junos | 14.1x53 | — |
| Juniper | Junos | 14.2 | R1 |
| Juniper | Junos | 15.1 | F2 |
| Juniper | Junos | 15.1x49 | D10 |
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10752Mitigation, Vendor Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10752Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-1277?
How severe is CVE-2016-1277?
How do I fix CVE-2016-1277?
Are you affected by CVE-2016-1277?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST