CVE-2017-10613 : Security Advisory and Response

Learn about CVE-2017-10613 affecting Juniper Networks Junos OS versions prior to specific releases, potentially leading to a kernel hang. Find mitigation steps and necessary updates here.

A vulnerability has been identified in the Juniper Networks Junos OS that can lead to a kernel hang due to a specific loopback filter action command.

Understanding CVE-2017-10613

This CVE affects Juniper Networks Junos OS versions prior to specific releases, potentially allowing an attacker to hang the kernel.

What is CVE-2017-10613?

The vulnerability in Juniper Networks Junos OS arises from a particular loopback filter action command. An attacker with CLI access and the ability to initiate remote sessions to the loopback interface can exploit this issue, causing the kernel to hang.

The Impact of CVE-2017-10613

        CVSS Base Score: 5.5 (Medium Severity)
        Attack Vector: Local
        Availability Impact: High
        No Confidentiality or Integrity Impact
        Low Privileges Required
        No User Interaction Required
        Scope: Unchanged

Technical Details of CVE-2017-10613

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The vulnerability allows an attacker to hang the kernel by exploiting a specific loopback filter action command in Juniper Networks Junos OS.

Affected Systems and Versions

The following Junos OS versions are affected:

        Junos OS 12.1X46 prior to 12.1X46-D55
        Junos OS 12.3X48 prior to 12.3X48-D35
        Junos OS 14.1 prior to 14.1R8-S4, 14.1R9
        Junos OS 14.1X53 prior to 14.1X53-D40
        Junos OS 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8
        Junos OS 15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4
        Junos OS 15.1X49 prior to 15.1X49-D60
        Junos OS 15.1X53 prior to 15.1X53-D47
        Junos OS 16.1 prior to 16.1R2
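
A way to check a device inventory against the list above, as an added example that is not part of the original advisory or Juniper's tooling: it parses a Junos OS version string and compares it with the fixed releases listed here. Assumptions: the version-string grammar in the regular expression, the names FIXED and classify, and the sample inventory are all constructed for illustration; a train that does not appear in the list is reported as "unlisted" rather than guessed.

```python
import re

# Fixed releases copied from the advisory's affected-versions list.
# Per train and release letter: "min" is the first release number listed as
# fixed; "sr" maps an earlier release number to its first fixed -S level.
FIXED = {
    "12.1X46": {"D": {"min": 55}},
    "12.3X48": {"D": {"min": 35}},
    "14.1": {"R": {"min": 9, "sr": {8: 4}}},
    "14.1X53": {"D": {"min": 40}},
    "14.2": {"R": {"min": 8, "sr": {4: 9, 7: 8}}},
    "15.1": {"F": {"min": 6, "sr": {5: 3}}, "R": {"min": 4}},
    "15.1X49": {"D": {"min": 60}},
    "15.1X53": {"D": {"min": 47}},
    "16.1": {"R": {"min": 2}},
}

# Assumed grammar: matches 14.1R8-S4, 14.2R5.8, 12.1X46-D50.3, 15.1F5-S3.
VERSION_RE = re.compile(
    r"^(?P<train>\d+\.\d+(?:X\d+)?)-?(?P<kind>[RFD])(?P<num>\d+)"
    r"(?:-S(?P<sr>\d+))?(?:\.\d+)?$"
)


def classify(version):
    """Return 'affected', 'fixed' or 'unlisted' (train not in the list)."""
    m = VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    rules = FIXED.get(m["train"], {}).get(m["kind"])
    if rules is None:
        return "unlisted"
    num, sr = int(m["num"]), int(m["sr"] or 0)
    if num >= rules["min"]:
        return "fixed"
    # Below the first fully fixed release: only a listed -S level counts.
    first_fixed_sr = rules.get("sr", {}).get(num)
    if first_fixed_sr is not None and sr >= first_fixed_sr:
        return "fixed"
    return "affected"


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    inventory = {"edge-1": "12.1X46-D50.3", "core-1": "14.1R8-S4",
                 "fw-2": "15.1X49-D60.7", "lab-1": "16.2R1"}
    for host, ver in inventory.items():
        print(f"{host:8} {ver:16} {classify(ver)}")
```

The result reflects the software release only; it does not tell you whether the loopback filter action in question is present in the running configuration.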

Exploitation Mechanism

To exploit the vulnerability, the attacker needs CLI access and the ability to initiate remote sessions to the loopback interface with the defined action.

Mitigation and Prevention

Protect your systems from CVE-2017-10613 with the following measures:

Immediate Steps to Take

        Discontinue allowing remote sessions to reach loopback addresses from the local device.

Long-Term Security Practices

        Limit access to the device from trusted, administrative networks or hosts using access lists or firewall filters.

Patching and Updates

        Update to the fixed software releases: 12.1X46-D55, 12.3X48-D35, 14.1R8-S4, 14.1R9, 14.1X53-D40, 14.2R4-S9, 14.2R7-S8, 14.2R8, 15.1F5-S3, 15.1F6, 15.1R4, 15.1X49-D60, 15.1X53-D47, 16.1R2, 16.2R1, and later.
        Track the issue as PR 1167423 on the Customer Support website.
        Note that fixes for 14.1R9, 14.1X53-D40, and 14.2R8 are pending publication.
