CVE-2017-10618 in Junos
Summary
by MITRE
When the 'bgp-error-tolerance' feature, designed to help mitigate remote session resets from malformed path attributes, is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have 'bgp-error-tolerance' configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6, 15.1R6-S2, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R5; 16.2 prior to 16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S2, 17.2R2; 17.2X75 prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.
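Because exposure depends on whether 'bgp-error-tolerance' is configured, the following added example (not part of the MITRE or VulDB text) audits the text output of `show configuration | display set` for active uses of the knob. The function name, the sample configuration and its group and instance names are constructed for illustration; it assumes the knob appears under a `protocols bgp` hierarchy at global, group or neighbor level.

```python
KNOB = "bgp-error-tolerance"

def scopes_with_error_tolerance(display_set_text):
    """Return the config scopes where bgp-error-tolerance is set and active."""
    enabled, deactivated = set(), []
    for raw in display_set_text.splitlines():
        tokens = raw.split()
        if len(tokens) < 2:
            continue
        verb, path = tokens[0], tokens[1:]
        if verb == "deactivate":
            deactivated.append(path)          # everything below this path is inactive
        elif verb == "set" and KNOB in path:
            i = path.index(KNOB)
            # Only count the knob when it sits below a "protocols bgp" hierarchy
            # (covers routing-instances and logical-systems prefixes as well).
            if any(path[j:j + 2] == ["protocols", "bgp"] for j in range(i)):
                enabled.add(tuple(path[:i + 1]))

    def inactive(stmt):
        # A statement is inactive if it, or any parent hierarchy, was deactivated.
        return any(list(stmt[:len(d)]) == d for d in deactivated)

    return sorted(" ".join(s[:-1]) for s in enabled if not inactive(s))

# Constructed sample configuration (hypothetical names, documentation addresses).
SAMPLE = """\
set protocols bgp group TRANSIT type external
set protocols bgp group TRANSIT bgp-error-tolerance
set protocols bgp group TRANSIT bgp-error-tolerance malformed-route-limit 5000
set protocols bgp group TRANSIT neighbor 192.0.2.1 peer-as 64500
set protocols bgp group LAB bgp-error-tolerance
deactivate protocols bgp group LAB
set routing-instances CUST-A protocols bgp bgp-error-tolerance
"""

if __name__ == "__main__":
    for scope in scopes_with_error_tolerance(SAMPLE):
        print("bgp-error-tolerance active under:", scope)
```

An empty result means the precondition stated in the summary is not met on that device; a non-empty result on an affected release identifies where the knob would need to be removed until the device is upgraded.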
Analysis
by VulDB Data Team • 01/03/2023
This vulnerability represents a critical denial of service flaw in Juniper Networks Junos OS that specifically targets the BGP routing protocol implementation. The issue manifests when the bgp-error-tolerance feature is enabled, which is designed to provide resilience against malformed path attributes that could otherwise cause BGP sessions to reset remotely. However, this defensive mechanism contains a fundamental flaw that can be exploited through carefully crafted BGP UPDATE messages. The vulnerability operates at the routing process level where the RPD (Routing Process Daemon) becomes unstable and crashes when processing these specific transitive attributes, leading to complete service disruption. This represents a classic case where security mitigation features inadvertently create new attack vectors that can be leveraged by malicious actors.
The technical exploitation of this vulnerability involves crafting BGP UPDATE messages with specific combinations of transitive attributes that trigger a buffer overflow or memory corruption condition within the RPD process. According to CWE classification, this vulnerability aligns with CWE-121, which describes heap-based buffer overflow conditions, and CWE-125, which covers out-of-bounds read vulnerabilities. The flaw occurs during the parsing and validation of BGP path attributes, where the system fails to properly validate the length or structure of transitive attributes before processing them. This type of vulnerability falls under the ATT&CK technique T1499.004, specifically targeting network denial of service through protocol manipulation. The vulnerability is particularly concerning because it affects multiple major release branches of Junos OS, spanning from version 13.3 through 17.2, indicating a widespread and long-standing issue in the software implementation.
The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise network stability and availability across critical infrastructure. When the RPD process crashes and restarts, it causes immediate disruption to BGP routing operations, leading to potential routing black holes, prefix flapping, and complete loss of connectivity for affected network segments. Network operators may experience cascading failures as routing tables become inconsistent and peers attempt to reestablish connections. The vulnerability affects devices that have BGP enabled but specifically excludes those without the bgp-error-tolerance feature configured, suggesting that organizations with proper security configurations may be protected, though this protection is not guaranteed against all attack vectors. The affected versions span multiple major Junos OS releases, indicating that this vulnerability has existed for several years and has affected numerous network deployments across different environments and use cases.
Mitigation strategies for this vulnerability should prioritize immediate patching of affected Junos OS versions to the recommended secure releases. Organizations should also implement network monitoring to detect anomalous BGP UPDATE messages that might indicate exploitation attempts, using tools that can analyze BGP attribute structures and identify malformed path attributes. Network segmentation and access controls should be strengthened to limit exposure of BGP-enabled devices to untrusted networks, implementing BGP session filtering and authentication mechanisms. Additionally, organizations should consider disabling the bgp-error-tolerance feature if it is not actively required, though this may reduce protection against other forms of BGP-related attacks. The vulnerability highlights the importance of thorough security testing of defensive features and demonstrates how security mechanisms designed to protect against one class of attacks can inadvertently create new attack surfaces that require careful analysis and testing before deployment.
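As an added example of the monitoring suggested above (not code from VulDB or Juniper), the following walks the Path Attributes field of a BGP UPDATE and reports structural problems using the general flag and length rules of RFC 4271. It is a generic well-formedness check, not a signature for the specific attribute set behind this CVE, which the page does not describe; the function name and both byte samples are constructed.

```python
import struct

OPTIONAL, TRANSITIVE, EXT_LEN = 0x80, 0x40, 0x10  # attribute flag bits (RFC 4271)
# type code -> (name, required Optional/Transitive bits, fixed length or None)
KNOWN = {
    1: ("ORIGIN", TRANSITIVE, 1),
    2: ("AS_PATH", TRANSITIVE, None),
    3: ("NEXT_HOP", TRANSITIVE, 4),
    4: ("MULTI_EXIT_DISC", OPTIONAL, 4),
    5: ("LOCAL_PREF", TRANSITIVE, 4),
    6: ("ATOMIC_AGGREGATE", TRANSITIVE, 0),
    7: ("AGGREGATOR", OPTIONAL | TRANSITIVE, None),
    8: ("COMMUNITIES", OPTIONAL | TRANSITIVE, None),
}

def check_path_attributes(buf):
    """Walk the Path Attributes field of one BGP UPDATE and return findings."""
    findings, seen, off = [], set(), 0
    while off < len(buf):
        flags = buf[off]
        hdr = 4 if flags & EXT_LEN else 3   # extended length uses 2 length octets
        if off + hdr > len(buf):
            findings.append(f"offset {off}: truncated attribute header")
            break
        code = buf[off + 1]
        length = struct.unpack_from("!H", buf, off + 2)[0] if hdr == 4 else buf[off + 2]
        if off + hdr + length > len(buf):
            findings.append(f"type {code}: length {length} overruns the attribute field")
            break                            # cannot resynchronise past a bad length
        if code in seen:
            findings.append(f"type {code}: duplicate attribute")
        seen.add(code)
        name, want, fixed = KNOWN.get(code, (None, None, None))
        if name is None:
            if flags & OPTIONAL and flags & TRANSITIVE:
                findings.append(f"type {code}: unrecognized optional transitive attribute")
            elif not flags & OPTIONAL:
                findings.append(f"type {code}: unrecognized attribute marked well-known")
        else:
            if flags & (OPTIONAL | TRANSITIVE) != want:
                findings.append(f"{name}: unexpected flags 0x{flags:02x}")
            if fixed is not None and length != fixed:
                findings.append(f"{name}: length {length}, expected {fixed}")
        off += hdr + length
    return findings

# Constructed samples (not captured traffic): a clean attribute set and a malformed one.
CLEAN = bytes.fromhex("40010100" "4002060202fbf4fbf5" "400304c0000201")
MALFORMED = bytes.fromhex("c001020000" "c0c802aabb" "400304c000")
```

Unrecognized optional transitive attributes are reported for review rather than treated as errors, since such attributes are legal and are forwarded between autonomous systems by design.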