← Back

CVE-2017-2304

nvd nist
Published: May 30, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'

Affected (19)

Products: Juniper: Junos
Juniper
1 product
Junos
Configuration A
19 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Version 14.1x53
Junos
Version 14.1x53 d10
Junos
Version 14.1x53 d15
Junos
Version 14.1x53 d16
Junos
Version 14.1x53 d25
Junos
Version 14.1x53 d26
Junos
Version 14.1x53 d27
Junos
Version 14.1x53 d30
Junos
Version 14.1x53 d35
Junos
Version 15.1
Junos
Version 15.1 r1
Junos
Version 15.1x53
Junos
Version 15.1x53 d20
Junos
Version 15.1x53 d21
Junos
Version 15.1x53 d25
Junos
Version 15.1x53 d30
Junos
Version 15.1x53 d32
Junos
Version 15.1x53 d33
Junos
Version 15.1x53 d34
Running on/withPlatform Versions
Juniper
Ex4300
All versions
Juniper
Ex4600
All versions
Juniper
Qfx3500
All versions
Juniper
Qfx3600
All versions
Juniper
Qfx5100
All versions
Juniper
Qfx5200
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

Source: sirt@juniper.net
Third Party AdvisoryVDB Entry
Source: sirt@juniper.net
Third Party AdvisoryVDB Entry
Source: sirt@juniper.net
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.