CVE-2016-1262 : Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before

Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X48 before 12.3X48-D20, and 15.1X49 before 15.1X49-D30 on SRX series devices, when the Real Time Streaming Protocol Application Layer Gateway (RTSP ALG) is enabled, allow remote attackers to cause a denial of service (flowd crash) via a crafted RTSP packet.

Published 2016-01-15 19:59:09

Updated 2016-12-03 03:20:08

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Products affected by CVE-2016-1262

Juniper » Junos » Update D40
Versions up to, including, (<=) 12.1x46
cpe:2.3:o:juniper:junos:*:d40:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1x47
cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1x47 Update D10
cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1x47 Update D15
cpe:2.3:o:juniper:junos:12.1x47:d15:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1x47 Update D20
cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.3x48 Update D10
cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 15.1x49 Update D10
cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 15.1x49 Update D20
cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.3x48 Update D15
cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-1262

EPSS FAQ

0.61%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-1262

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-1262

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-1262

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10721

Juniper Networks - 2016-01: Security Bulletin: Junos: SRX-Series denial of service vulnerability in flowd due to crafted RTSP packets (CVE-2016-1262)
Vendor Advisory
http://www.securitytracker.com/id/1035108

Juniper SRX-Series Junos RTSP Processing Flaw Lets Remote Users Cause the Target Service to Crash - SecurityTracker

Jump to

Vulnerability Details : CVE-2016-1262

Products affected by CVE-2016-1262

Exploit prediction scoring system (EPSS) score for CVE-2016-1262

CVSS scores for CVE-2016-1262

CWE ids for CVE-2016-1262

References for CVE-2016-1262