Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

CVE-2017-2346 Explained : Impact and Mitigation

Learn about CVE-2017-2346 affecting Juniper Networks' Junos OS on MX Series platforms. Discover the impact, affected versions, and mitigation steps for this vulnerability.

A potential problem arises with the MS-MPC or MS-MIC Service PIC when large fragmented packets pass through an Application Layer Gateway (ALG), leading to repeated crashes of the Service PC and a prolonged denial of service situation. This issue affects specific Junos OS versions on MX Series platforms.

Understanding CVE-2017-2346

This CVE involves a vulnerability in Juniper Networks' Junos OS that can result in a denial of service condition due to crashes in the MS-MPC or MS-MIC Service PIC when handling large fragmented traffic through an ALG.

What is CVE-2017-2346?

The vulnerability occurs when NAT or stateful-firewall rules with ALGs enabled encounter large fragmented packets, causing crashes in the Service PC and leading to a denial of service situation. The issue is attributed to a code change in certain Junos OS versions.

The Impact of CVE-2017-2346

        CVSS Base Score: 5.9 (Medium Severity)
        Attack Vector: Network
        Attack Complexity: High
        Availability Impact: High
        No impact on Confidentiality or Integrity
        No privileges required for exploitation

Technical Details of CVE-2017-2346

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The vulnerability in Junos OS can lead to repeated crashes of the MS-MPC or MS-MIC Service PIC, resulting in a prolonged denial of service situation when processing large fragmented packets through an ALG.

Affected Systems and Versions

The following Junos OS versions on MX Series platforms are affected:

        14.1X55 from 14.1X55-D30 to 14.1X55-D35
        14.2R from 14.2R7 to 14.2R7-S4, 14.2R8
        15.1R from 15.1R5 to 15.1R5-S2, 15.1R6
        16.1R from 16.1R2 to 16.1R3-S2, 16.1R4

Exploitation Mechanism

The vulnerability is exploited by passing large fragmented packets through an ALG with NAT or stateful-firewall rules enabled, triggering crashes in the Service PC.

Mitigation and Prevention

To address CVE-2017-2346, follow these mitigation steps:

Immediate Steps to Take

        Update to the fixed software releases: 14.1X55-D35, 14.2R7-S4, 14.2R8, 15.1R5-S2, 15.1R6, 16.1R3-S2, 16.1R4, or later
        If NAT and stateful-firewall are unnecessary, disable them in the [edit applications] stanza

Long-Term Security Practices

        Limit the attack surface by using access lists or firewall filters to restrict access to critical infrastructure networking equipment

Patching and Updates

        Regularly update Junos OS to the latest releases to ensure protection against known vulnerabilities

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now