Juniper Junos QFX / EX Series 'Etherleak' Improper Padding Memory Disclosure (JSA10773)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by a memory disclosure vulnerability.

Description :

According to its self-reported version number, the remote Juniper
Junos QFX or EX series device is affected by a memory disclosure
vulnerability, known as Etherleak, due to padding Ethernet packets
with data from previous packets instead of padding them with null
bytes. An unauthenticated, adjacent attacker can exploit this issue to
disclose portions of system memory or data from previous packets. This
issue is also often detected as CVE-2003-0001.

Note that Nessus has not tested for this issue but has instead relied
only on the device's self-reported version and model.
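
Because the plugin relies on the version string alone, the padding behaviour described above can be confirmed from a packet capture taken on the adjacent segment. The following is an added example, not part of the Nessus plugin or the Juniper advisory: it extracts the bytes that follow the IPv4 datagram in a short Ethernet frame and reports whether any are non-null. The function names and the sample frames are constructed for illustration, and the capture is assumed not to include the 4-byte FCS.

```python
import struct

ETH_HDR_LEN = 14         # dst MAC + src MAC + EtherType
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100  # single 802.1Q tag

def ethernet_padding(frame: bytes):
    """Return the bytes that follow the IPv4 datagram in a captured frame
    (the Ethernet pad), or None if the frame is not IPv4 or is truncated.
    Assumes the capture does not include the 4-byte FCS."""
    if len(frame) < ETH_HDR_LEN:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = ETH_HDR_LEN
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < offset + 4:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return None
    ihl = (frame[offset] & 0x0F) * 4
    (total_len,) = struct.unpack_from("!H", frame, offset + 2)
    if frame[offset] >> 4 != 4 or ihl < 20 or total_len < ihl:
        return None
    end = offset + total_len
    return frame[end:] if end <= len(frame) else None

def padding_leaks(frame: bytes) -> bool:
    """True when the pad exists and contains any non-null byte."""
    pad = ethernet_padding(frame)
    return bool(pad) and any(pad)

def sample_frame(pad: bytes) -> bytes:
    """Constructed test input: 1-byte ICMP echo (checksums left at zero)."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    icmp = b"\x08\x00\x00\x00\x00\x01\x00\x01" + b"A"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + icmp + pad

if __name__ == "__main__":
    for name, pad in (("null pad", bytes(17)), ("reused buffer", b"residual-data-17b")):
        print(name, "->", "LEAK" if padding_leaks(sample_frame(pad)) else "ok")
```

A frame from a fixed release should report a pad consisting only of null bytes; any non-null pad byte on a minimum-size frame is the condition the advisory describes.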

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10773

Solution :

Apply the relevant Junos software release referenced in Juniper
advisory JSA10773.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N)

Family: Junos Local Security Checks

Nessus Plugin ID: 96662

Bugtraq ID: 95403

CVE ID: CVE-2017-2304
