An unauthenticated network-based attacker able to send a maliciously
crafted LLDP packet to the local segment, through a local segment
broadcast, may be able to cause a Junos device to enter an improper
boundary check condition allowing a memory corruption to occur,
leading to a denial of service. Further crafted packets may be able to
sustain the denial of service condition. Score: 6.5 MEDIUM
(CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the
attacker is authenticated on the target device receiving and
processing the malicious LLDP packet, while receiving the crafted
packets, the attacker may be able to perform command or arbitrary code
injection over the target device thereby elevating their permissions
and privileges, and taking control of the device. Score: 7.8 HIGH
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated
network-based attacker able to send a maliciously crafted LLDP packet
to one or more local segments, via LLDP proxy / tunneling agents or
other LLDP through Layer 3 deployments, through one or more local
segment broadcasts, may be able to cause multiple Junos devices to
enter an improper boundary check condition allowing a memory
corruption to occur, leading to multiple distributed Denials of
Services. These Denials of Services attacks may have cascading Denials
of Services to adjacent connected devices, impacts network devices,
servers, workstations, etc. Further crafted packets may be able to
sustain these Denials of Services conditions. Score 6.8 MEDIUM
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the
attacker is authenticated on one or more target devices receiving and
processing these malicious LLDP packets, while receiving the crafted
packets, the attacker may be able to perform command or arbitrary code
injection over multiple target devices thereby elevating their
permissions and privileges, and taking control multiple devices.
Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
Affected releases are Juniper Networks Junos OS: 12.1X46 versions
prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48
versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5,
14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50,
14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions
prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49
versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65;
16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to
16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to
17.1R2. No other Juniper Networks products or platforms are affected
by this issue.
|