CVE-2017-2304 Information

Description

Juniper Networks QFX3500 QFX3600 QFX5100 QFX5200 EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40 15.1X53 prior to 15.1X53-D40 15.1 prior to 15.1R2 do not pad Ethernet packets with zeros and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as ‘Etherleak’

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/95403 http://www.securitytracker.com/id/1037593 https://kb.juniper.net/JSA10773

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5