CVE-2017-2304
Last modified
CVE-2017-2304 is a vulnerability of currently unknown severity. Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'. EPSS estimates a 1.80% chance of exploitation in the next 30 days.
Description
Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 14.1x53 |
| Juniper | Junos | 15.1 |
| Juniper | Junos | 15.1x53 |
References
- http://www.securityfocus.com/bid/95403Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037593Third Party Advisory, VDB Entry
- https://kb.juniper.net/JSA10773Vendor Advisory
- http://www.securityfocus.com/bid/95403Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037593Third Party Advisory, VDB Entry
- https://kb.juniper.net/JSA10773Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-2304?
How severe is CVE-2017-2304?
How do I fix CVE-2017-2304?
Are you affected by CVE-2017-2304?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST