Published: 09/09/2016 Updated: 01/09/2017

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 632

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Juniper Junos OS prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3X48 prior to 12.3X48-D30, 13.3 prior to 13.3R9, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.2 prior to 14.2R6, 15.1 prior to 15.1F6 or 15.1R3, and 15.1X49 prior to 15.1X49-D40, when configured with a GRE or IPIP tunnel, allow remote malicious users to cause a denial of service (kernel panic) via a crafted ICMP packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
juniper junos 15.1
juniper junos 13.3
juniper junos 14.2
juniper junos 12.3x48
juniper junos 14.1x53
juniper junos 14.1
juniper junos 12.1x47
juniper junos
juniper junos 15.1x49

Juniper's bug hunters fire out eight patches

The Register • Richard Chirgwin • 14 Jul 2016

Junos OS has been put through the wringer since that nasty backdoor scandal

Juniper has fired off fixes for eight security vulnerabilities. The company has been running Junos OS through the security mill since late last year, when its now-notorious backdoor hit the headlines. Junos OS systems running either generic routing encapsulation (GRE) or IP-in-IP (IPIP) tunnels are vulnerable to a kernel crash triggered by a crafted ICMP packet. The resulting denial of service attack, CVE-2016-1277, is rated high, and present in a bunch of Junos OS revisions – three in the ver...

CVE-2016-1277

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect