
JSA10732 – 2016-04 Security Bulletin: ScreenOS: Malformed SSL/TLS packet causes Denial...

2016-04 Security Bulletin: ScreenOS: Malformed SSL/TLS packet causes Denial of Service (CVE-2016-1268) Product Affected: This issue affects any products and platforms running ScreenOS versions 6.3.0r19b and earlier releases. Problem: A specially crafted m...

JSA10727 – 2016-04 Security Bulletin: Junos Space: Multiple privilege escalation vulnerabilities...

2016-04 Security Bulletin: Junos Space: Multiple privilege escalation vulnerabilities in Junos Space (CVE-2016-1265)

Product Affected: These issues can affect any product or platform running Junos Space before 15.2R1.

Problem: Multiple privilege escalation vulnerabilities using various attack methods have been addressed in Junos Space 15.2R1. Exploitation of these vulnerabilities may potentially allow a remote unauthenticated network based attacker with access to Junos Space to execute arbitrary code on Junos Space or gain access to devices managed by Junos Space. Attack vectors include: cross site request forgeries (CSRF), default authentication credentials, information leak and command injection.

This set of privilege escalation vulnerabilities was found during internal product testing and has been assigned CVE-2016-1265.

Additionally, the Oracle Java runtime was upgraded to 1.7.0 update 85 (from 1.7.0 update 79), which resolves the following vulnerabilities:

CVE | CVSS v2 base score | Summary
CVE-2015-4748 | 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
CVE-2015-2601 | 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
CVE-2015-2613 | 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
CVE-2015-2659 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security.
CVE-2015-2808 | 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) | The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
CVE-2015-4000 | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2015-4749 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.
CVE-2015-2625 | 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.

Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities.

Solution: The following software releases have been updated to resolve this specific issue: Junos Space 15.2R1 (released March 17, 2016) and all subsequent releases.

These issues are being tracked as PR 1134808, 960740, 975433, 975434, 975459, 975460, 975514, 983937, 983943, 983944, 983948, 983953, 983956, 999051, 1114551 and are visible on the Customer Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: Limit access to Junos Space from only trusted networks. Use administrative jump boxes with no internet access and employ anti-scripting techniques. In addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the devices' administrative interfaces only from trusted, administrative networks or hosts.

Implementation: How to obtain fixed software: Junos Space Maintenance Releases are available at http://support.juniper.net from the "Download Software" links. If a Maintenance Release is not adequate and access to Junos Space patches is needed, open a customer support case. A JTAC engineer will review your request and respond, ensuring that you will be provided with the most appropriate Patch Release for your specific situation.

Modification History:
2016-04-13: Initial publication
2016-04-21: Reformatted Problem section to clarify the consolidated set of privilege escalation vulnerabilities

Related Links:
CVSS Score: 6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
Risk Level: None
Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Acknowledgements:

JSA10736 – 2016-04 Security Bulletin: Junos: Manipulating TCP timestamps can lead...

2016-04 Security Bulletin: Junos: Manipulating TCP timestamps can lead to resource exhaustion denial of service (CVE-2016-1269) Product Affected: This issue can affect any product or platform running Junos OS. Problem: By manipulating TCP timestamps withi...

JSA10733 – 2016-04 Security Bulletin: ScreenOS: Multiple Vulnerabilities in OpenSSL

Product Affected: These issues can affect any product or platform running ScreenOS prior to 6.3.0r22.

Problem: The following vulnerabilities in OpenSSL software included with ScreenOS have been addressed in ScreenOS 6.3.0 r22:

CVE | CVSS v2 base score | Summary
CVE-2015-1791 | 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL that can cause a denial of service.
CVE-2015-1790 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL allows remote attackers to cause a denial of service via a crafted PKCS#7 blob.
CVE-2015-1789 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL allows remote attackers to cause a denial of service via a crafted length field in ASN1_TIME data.
CVE-2015-3195 | 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) | The ASN1_TFLG_COMBINE implementation in OpenSSL mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities.

Solution: The following software releases have been updated to resolve this specific issue: ScreenOS 6.3.0 r22 (released April 6, 2016) and all subsequent releases.

These issues are being tracked as PR 1100194 and 1144749 and are visible on the Customer Support website.

Workaround: There are no known workarounds for these issues.

Implementation: How to obtain fixed software: Software release Service Packages are available at http://support.juniper.net from the "Download Software" links. Select your appropriate Selected Products, or browse by Series or Technology; once you find the appropriate fixed version(s) for your platform, download and apply the updated version(s) of choice.

Modification History:
2016-04-13: Initial publication

Related Links:
CVSS Score: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Risk Level: Medium
Risk Assessment: The CVSS risk score has been determined for the worst case impact of these issues on ScreenOS.
Acknowledgements:

JSA10734 – 2016-04 Security Bulletin: Junos: OpenSSH Client Information Leak and...

2016-04 Security Bulletin: Junos: OpenSSH Client Information Leak and Buffer Overflow in roaming support (CVE-2016-0777, CVE-2016-0778)

Product Affected: These issues can affect any product or platform running Junos OS.

Problem: CVE-2016-0777 and CVE-2016-0778 were released by Qualys and cross-announced by OpenSSH on 2016-01-14. A brief summary of the issue from the announcement follows; full details are available at: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt

"Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session. Although roaming is not supported by the OpenSSH server, it is enabled by default in the OpenSSH client, and contains two vulnerabilities that can be exploited by a malicious SSH server (or a trusted but compromised server): an information leak (memory disclosure), and a buffer overflow (heap-based)."

The attack vector leading to potential compromise in these scenarios relates to a session initiated from a Junos OS device using the SSH client to an external SSH server. No ScreenOS products or platforms are affected by these issues. Juniper continues to investigate other products and services. As investigations are completed this JSA will be updated. These issues have been assigned CVE-2016-0777 and CVE-2016-0778.

Solution: The following software releases have been updated to resolve these specific issues with the SSH client: Junos OS 12.1X46-D45, 12.1X46-D51, 12.1X47-D35, 12.3R12, 12.3X48-D30, 13.3R9, 14.1R7, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40 and all subsequent releases.

These issues are being tracked and are visible on the Customer Support website under the following PR: 1154016

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround: It is good security practice to connect only to known, trusted SSH servers from critical infrastructure networking equipment. Use outgoing access lists or egress firewall filters to limit access from sensitive network devices to only trusted, administrative networks or hosts.

Implementation: How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History:
2016-04-13: Initial publication
2016-05-04: Added 12.1X46-D51 to list of fixed releases. Note: 12.1X46-D50 does not include this fix.

Related Links:
CVSS Score: 5.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
Risk Level: Medium
Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Acknowledgements:

JSA10747 – 2016-04 Security Bulletin: QFX Series: PFE panic while processing...

2016-04 Security Bulletin: QFX Series: PFE panic while processing VXLAN packets (CVE-2016-1274) Product Affected: This issue only affects QFX Series devices running Junos OS 14.1X53. Problem: A vulnerability in handling high rate of certain VXLAN packets...

JSA10746 – 2016-04 Security Bulletin: QFX Series: Insufficient entropy on QFX...

QFX series devices may have insufficient entropy.

This can affect system mechanisms that depend on high-quality random numbers such as encryption and authentication.

This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. This issue has been assigned CVE-2016-1273.

The following software releases have been updated to resolve this specific issue: Junos OS 13.2X51-D40, 14.1X53-D30, 15.1X53-D20 and all subsequent releases.

This issue is being tracked as PR 1075067 and is visible on the Customer Support website.

There are no known workarounds for this issue.

Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History:
2016-04-13: Initial publication

JSA10737 – 2016-04 Security Bulletin: Junos: RPD cores on receiving a...

2016-04 Security Bulletin: Junos: RPD cores on receiving a crafted L2VPN family BGP update (CVE-2016-1270) Product Affected: This issue can affect any product or platform running Junos OS with family BGP based L2VPN and/or VPLS configured. Problem: Upon re...

JSA10743 – 2016-04 Security Bulletin: Junos: Multiple vulnerabilities in cURL and...

Product Affected: This issue can affect any product or platform running Junos OS.

Problem: Multiple vulnerabilities in Junos OS have been resolved by updating the cURL and libcurl library. These are used to support downloading updates or importing data into a Junos device. Libcurl and cURL were upgraded from 7.36.0 to 7.42.1, which resolves the following vulnerabilities:

CVE | CVSS v2 base score | Summary
CVE-2015-3144 | 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) | The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
CVE-2015-3145 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
CVE-2014-8151 | 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) | The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2014-3613 | 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) | cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.
CVE-2014-3620 | 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) | cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
CVE-2015-3143 | 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) | cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
CVE-2015-3148 | 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) | cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
CVE-2015-3153 | 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) | The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
CVE-2014-3707 | 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) | The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
CVE-2014-8150 | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) | CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
CVE-2014-0015 | 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N) | cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities.

Solution: The following software releases have been updated to resolve this specific issue: 12.1X46-D50 (pending release), 12.1X47-D40 (pending release), 12.3R11, 12.3X48-D30 (to be released by end of April, 2016), 13.2R9, 13.2X51-D39, 13.2X51-D40, 13.3R8, 14.1R6, 14.1X53-D30, 14.2R5, 15.1R2, 15.1X49-D40, 15.1X53-D35 and all subsequent releases.

This issue was tracked as PR 1068204 and is visible on the Customer Support website.

Workaround: Avoid using untrusted URLs to fetch updates or to import data into a Junos device.

Implementation: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History:
2016-04-13: Initial publication

Related Links:
CVSS Score: 7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Risk Level: High
Risk Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Acknowledgements:

JSA10735 – 2016-04 Security Bulletin: CTP Series: Multiple vulnerabilities in CTP...

CVE CVSS v2 base score Summary CVE-2010-1168 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and...

JSA10739 – 2016-04 Security Bulletin: Junos: Multiple privilege escalation vulnerabilities in...

These issues can affect any product or platform running Junos OS. Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow root access to the operating system.

This may allow any user with per...

JSA10749 – IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability...

This issue may affect any product or platform running Junos OS. A vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet to be accepted by the router rather than discarded. The crafted packet, destined to the router, will then be processed by the routing engine (RE). A malicious network-based packet flood, sourced from beyond the local broadcast domain, can cause the RE CPU to spike, or cause the DDoS protection ARP protocol group policer to engage. When this happens, the DDoS policer may start dropping legitimate IPv6 neighbors as legitimate ND times out.

Note that this is similar to the router's response to any purposeful malicious IPv6 ND flood destined to the router. The difference is that the crafted packet identified in the vulnerability is such that the forwarding controllers/ASICs should disallow this traffic from reaching the RE for further processing. Additionally, due to the routable nature of the crafted IPv6 ND packet, the attack may be launched from beyond the local broadcast domain.

This issue has been assigned CVE-2016-1409.

Internal investigation has uncovered three separate issues with IPv6 Neighbor Discovery processing in Junos:

1. QFX5100 exceptions transit IPv6 ND traffic to RE. PR 1183115 logged to resolve this issue in a future release.
2. Junos routers forward IPv6 ND traffic in violation of RFC4861. PRs 1183124 (QFX), 1188939 (MX), 1188949 (PTX) logged to investigate this issue.
3. Junos routers fail to discard non-RFC4861-compliant IPv6 ND traffic destined to the router (CVE-2016-1409). PRs 1183124 (QFX), 1188939 (MX), 1188949 (PTX).

Note that only MX, PTX, and QFX have been confirmed to experience this behavior. Other platforms are still under investigation. Juniper Networks will update this advisory once fixes are available.

Refer to KB16613 for additional information about the Juniper Networks SIRT Quarterly Security Bulletin Publication Process.

While no complete workaround currently exists for this issue, especially for adjacent network attacks from the local broadcast domain, security best current practices (BCPs) of filtering all ND traffic at the edge, destined to network infrastructure equipment, should be employed to limit the malicious attack surface of the vulnerability. Examples include:

Interface and/or control plane firewall filters may be used to stop propagation of NDP traffic beyond connected devices.

Devices that support the hop-limit option can utilize the following interface filter design:

    user@junos# show firewall family inet6 NDP
    filter NDP {
        term PERMIT_LOCAL_ICMP {
            from {
                next-header icmp6;
                hop-limit 255;
            }
            then {
                count PERMIT_LOCAL_ICMP;
                accept;
            }
        }
        term REJECT_NETWORK_ICMP {
            from {
                next-header icmpv6;
                icmp-type [ neighbor-advertisement neighbor-solicit router-solicit router-advertisement redirect ];
            }
            then {
                count REJECT_NETWORK_ICMP;
                discard;
            }
        }
        term PERMIT_ALL {
            then accept;
        }
    }

Sample Protect_RE filter:

    user@junos# show firewall family inet6 IPV6_PROTECT_RE
    filter IPV6_PROTECT_RE {
        term ICMPV6_TRUSTED {
            from {
                source-prefix-list {
                    IPV6_REMOTE_ACCESS;
                }
                next-header icmpv6;
            }
            then accept;
        }
        term IPV6_ND_LOCAL {
            from {
                next-header icmpv6;
                hop-limit 255;
            }
            then accept;
        }
        term ICMPV6 {
            from {
                next-header icmpv6;
                icmp-type [ echo-request echo-reply time-exceeded destination-unreachable packet-too-big parameter-problem ];
            }
            then accept;
        }
    }

Devices that do not support the 'hop-limit' option will require a slightly more complicated interface filter design:

    user@junos# show firewall family inet6 NDP
    filter NDP {
        term PERMIT_VALID_ICMP {
            from {
                destination-address {
                    fe80::/10;
                    ff02::/123;
                    ff02:0:0:0:0:1:ff00::/104;
                }
            }
            then {
                count PERMIT_VALID_ICMP;
                accept;
            }
        }
        term PERMIT_VALID_ICMP_LOCAL {
            from {
                source-address {
                    x:x:x:x::/64;
                }
                destination-address {
                    x:x:x:x::/64;
                }
                next-header icmp6;
            }
            then {
                count PERMIT_VALID_ICMP_LOCAL;
                accept;
            }
        }
        term REJECT_INVALID_ICMP {
            from {
                next-header icmpv6;
                icmp-type [ neighbor-advertisement neighbor-solicit router-solicit router-advertisement redirect ];
            }
            then {
                count REJECT_INVALID_ICMP;
                discard;
            }
        }
    }

and Protect_RE filter design:

    user@junos# show firewall family inet6 IPV6_PROTECT_RE
    filter IPV6_PROTECT_RE {
        term ICMPV6_TRUSTED {
            from {
                source-prefix-list {
                    IPV6_REMOTE_ACCESS;
                }
                next-header icmpv6;
            }
            then accept;
        }
        term IPV6_ND {
            from {
                destination-address {
                    fe80::/10;
                    ff02::/123;
                    ff02:0:0:0:0:1:ff00::/104;
                }
            }
            then accept;
        }
        term IPV6_ND_LOCAL {
            from {
                source-address {
                    x:x:x:x::/64;
                }
                destination-address {
                    x:x:x:x::/64;
                }
                next-header icmp6;
            }
            then accept;
        }
        term ICMPV6 {
            from {
                next-header icmpv6;
                icmp-type [ echo-request echo-reply time-exceeded destination-unreachable packet-too-big parameter-problem ];
            }
            then accept;
        }
        term OTHER {
            then {
                count DROP;
                discard;
            }
        }
    }

Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
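To see how the two NDP interface filter designs above treat the same traffic, here is a small Python model of them. This is an added example, not Juniper code and not a Junos feature: it evaluates the filter terms in order with first-match-wins semantics, applies the implicit discard that ends every Junos firewall filter when no term matches, and runs a handful of constructed packet descriptors (not captured traffic) through both designs. The prefix 2001:db8:2::/64 stands in for the x:x:x:x::/64 placeholder in the advisory's filter.

```python
"""Model of the two IPv6 ND interface filter designs from JSA10749.

Added example, not Juniper code. Terms are evaluated in order and the first
match wins; a packet matching no term hits the implicit discard at the end of
a Junos firewall filter. Packets are dicts constructed inline; 2001:db8:2::/64
stands in for the page's x:x:x:x::/64 placeholder.
"""
import ipaddress

# ICMPv6 types the advisory's REJECT_* terms match (the ND message types).
ND_TYPES = {"neighbor-advertisement", "neighbor-solicit", "router-solicit",
            "router-advertisement", "redirect"}
# Destinations legitimate on-link ND uses, as listed in the advisory's filter:
# link-local, well-known link-scope multicast, solicited-node multicast.
ND_DST = [ipaddress.ip_network(p) for p in
          ("fe80::/10", "ff02::/123", "ff02:0:0:0:0:1:ff00::/104")]


def in_prefixes(addr, prefixes):
    a = ipaddress.ip_address(addr)
    return any(a in p for p in prefixes)


def is_icmpv6(pkt):
    return pkt["next_header"] == "icmpv6"


def evaluate(terms, pkt):
    """Return (action, term_name); term_name None means the implicit discard."""
    for name, match, action in terms:
        if match(pkt):
            return action, name
    return "discard", None


def ndp_filter_hop_limit():
    """Design for devices that support the hop-limit match: on-link ND always
    carries hop limit 255 (RFC 4861), so ND types with any other value were routed."""
    return [
        ("PERMIT_LOCAL_ICMP",
         lambda p: is_icmpv6(p) and p.get("hop_limit") == 255, "accept"),
        ("REJECT_NETWORK_ICMP",
         lambda p: is_icmpv6(p) and p.get("icmp_type") in ND_TYPES, "discard"),
        ("PERMIT_ALL", lambda p: True, "accept"),
    ]


def ndp_filter_prefix(local_prefix):
    """Design for devices without hop-limit support: accept ND by destination
    prefix or by on-link source and destination, reject the remaining ND types."""
    net = ipaddress.ip_network(local_prefix)

    def on_link(p):
        return (ipaddress.ip_address(p["src"]) in net
                and ipaddress.ip_address(p["dst"]) in net)

    return [
        ("PERMIT_VALID_ICMP", lambda p: in_prefixes(p["dst"], ND_DST), "accept"),
        ("PERMIT_VALID_ICMP_LOCAL", lambda p: is_icmpv6(p) and on_link(p), "accept"),
        ("REJECT_INVALID_ICMP",
         lambda p: is_icmpv6(p) and p.get("icmp_type") in ND_TYPES, "discard"),
    ]


# Constructed sample packets (not captured traffic).
SAMPLE_PACKETS = {
    # Normal on-link neighbor solicitation to a solicited-node multicast group.
    "onlink_ns": {"next_header": "icmpv6", "hop_limit": 255,
                  "icmp_type": "neighbor-solicit",
                  "src": "fe80::1", "dst": "ff02::1:ff00:1"},
    # On-link NS between global addresses of the connected /64.
    "onlink_ns_global": {"next_header": "icmpv6", "hop_limit": 255,
                         "icmp_type": "neighbor-solicit",
                         "src": "2001:db8:2::7", "dst": "2001:db8:2::1"},
    # ND message that was routed: hop limit decremented, off-link source.
    "routed_na": {"next_header": "icmpv6", "hop_limit": 64,
                  "icmp_type": "neighbor-advertisement",
                  "src": "2001:db8:1::5", "dst": "2001:db8:2::1"},
    # Ordinary transit TCP traffic.
    "transit_tcp": {"next_header": "tcp", "hop_limit": 60,
                    "src": "2001:db8:1::5", "dst": "2001:db8:2::1"},
    # Routed ICMPv6 echo request.
    "routed_echo": {"next_header": "icmpv6", "hop_limit": 64,
                    "icmp_type": "echo-request",
                    "src": "2001:db8:1::5", "dst": "2001:db8:2::1"},
}


def classify_all(terms):
    """Run every sample packet through a filter; returns {name: (action, term)}."""
    return {n: evaluate(terms, p) for n, p in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, terms in (("hop-limit design", ndp_filter_hop_limit()),
                         ("prefix design", ndp_filter_prefix("2001:db8:2::/64"))):
        print(label)
        for n, (action, term) in classify_all(terms).items():
            print(f"  {n:17s} -> {action:7s} via {term or 'implicit discard'}")
```

Both designs accept the on-link solicitations and discard the routed neighbor advertisement, which is the behaviour the advisory is after. They differ on everything else: the hop-limit design ends in PERMIT_ALL, so transit TCP and the routed echo request pass, whereas the prefix-based NDP filter as quoted has no trailing accept term, so in this model (as on Junos, where an unmatched packet is discarded) the same two samples fall through to the implicit discard. A deployment built on that second design needs a final accept term for non-ND traffic unless dropping it is the intent.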