CVE-2017-2304

Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'

Published: May 30, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-2304
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
juniper / junos	14.1x53-d15	14.1x53-d15.x
juniper / junos	14.1x53-d35	14.1x53-d35.x
juniper / junos	14.1x53-d10	14.1x53-d10.x
juniper / junos	14.1x53-d30	14.1x53-d30.x
juniper / junos	14.1x53-d25	14.1x53-d25.x
juniper / junos	14.1x53-d27	14.1x53-d27.x
juniper / junos	14.1x53-d16	14.1x53-d16.x
juniper / junos	14.1x53-d26	14.1x53-d26.x
juniper / junos	14.1x53	14.1x53.x
juniper / junos	15.1	15.1.x
juniper / junos	15.1-r1	15.1-r1.x
juniper / junos	15.1x53-d21	15.1x53-d21.x
juniper / junos	15.1x53	15.1x53.x
juniper / junos	15.1x53-d32	15.1x53-d32.x
juniper / junos	15.1x53-d34	15.1x53-d34.x
juniper / junos	15.1x53-d30	15.1x53-d30.x
juniper / junos	15.1x53-d33	15.1x53-d33.x
juniper / junos	15.1x53-d25	15.1x53-d25.x
juniper / junos	15.1x53-d20	15.1x53-d20.x

Vulnerability Database

290,278

CVE-2017-2304