CVE-2017-10618 : Security Advisory and Response
Learn about CVE-2017-10618 affecting Junos OS due to BGP UPDATE vulnerability. Find out impacted versions, mitigation steps, and patching details.
Enabling the 'bgp-error-tolerance' feature in Junos OS may lead to a crash and restart of the RPD routing process due to a specific set of transitive attributes in a BGP UPDATE message.
Understanding CVE-2017-10618
This CVE involves a vulnerability in Junos OS related to BGP UPDATE messages with malformed optional transitive attributes.
What is CVE-2017-10618?
When the 'bgp-error-tolerance' feature is enabled, a crafted set of transitive attributes in a BGP UPDATE can crash and restart the RPD routing process.
The Impact of CVE-2017-10618
- CVSS Base Score: 5.9 (Medium)
- Attack Vector: Network
- Attack Complexity: High
- Availability Impact: High
- Affected Junos OS versions listed below.
Technical Details of CVE-2017-10618
This section provides detailed technical information about the vulnerability.
Vulnerability Description
Enabling 'bgp-error-tolerance' can cause RPD routing process crashes with specific BGP UPDATE attributes.
Affected Systems and Versions
- Junos OS 13.3 to 17.2X75-D50
- Specific versions detailed in the JSON data.
Exploitation Mechanism
- Vulnerability triggered by a crafted set of transitive attributes in a BGP UPDATE message.
Mitigation and Prevention
Steps to address and prevent exploitation of CVE-2017-10618.
Immediate Steps to Take
- Disable 'bgp-error-tolerance' under 'protocols bgp'.
Long-Term Security Practices
- Regularly update Junos OS to patched versions.
- Monitor for any unusual BGP UPDATE behavior.
Patching and Updates
- Updated software releases: 13.3R10-S2, 14.1R8-S4, 14.1R9, and more.
- Issue tracked as PR 1279204 on Customer Support website.