Vulnerability Details : CVE-2015-7748
Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2015-7748
- cpe:2.3:o:juniper:junos:13.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.3:r4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.2:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.1:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.1:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.1:r3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.3:r3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.3:r5:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.3:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.3:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.3:r2-s2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.1:r4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.3:r6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.2:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.3:r7:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.2:r3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.2:r4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.1:r5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7748
0.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7748
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2015-7748
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7748
-
http://www.securitytracker.com/id/1033858
Juniper Junos Trio (Trinity) Chipset uBFD Packet Processing Flaw Lets Remote Users Cause the Target System to Crash - SecurityTrackerThird Party Advisory;VDB Entry
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10701
Juniper Networks - 2015-10 Security Bulletin: Junos: Trio Chipset (Trinity) Denial of service due to maliciously crafted uBFD packet. (CVE-2015-7748)Vendor Advisory
-
http://www.securityfocus.com/bid/101103
Juniper Junos CVE-2015-7748 Denial of Service Vulnerability
Jump to