If extended statistics are enabled via 'set chassis extended-statistics', when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart. Repeated crashes of PFE processing can result in an extended denial of service condition. This issue only affects the following platforms: (1) EX2200, EX3300, XRE200 (2) MX Series routers with MPC7E/8E/9E PFEs installed, and only if 'extended-statistics' are enabled under the [edit chassis] configuration. Affected releases are Juniper Networks Junos OS 14.1 prior to 14.1R8-S5, 14.1R9 on MX Series; 14.1X53 prior to 14.1X53-D46, 14.1X53-D50 on EX2200, EX3300, XRE200; 14.2 prior to 14.2R7-S9, 14.2R8 on MX Series; 15.1 prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S3, 15.1R6 on MX Series; 16.1 prior to 16.1R4-S5, 16.1R5, 16.1R6 on MX Series; 16.1X65 prior to 16.1X65-D45 on EX2200, EX3300, XRE200; 16.2 prior to 16.2R2-S1, 16.2R3 on MX Series; 17.1 prior to 17.1R2-S2, 17.1R3 on MX Series; 17.2 prior to 17.2R1-S3, 17.2R2 on MX Series; 17.2X75 prior to 17.2X75-D50 on MX Series; 17.3 prior to 17.3R1-S1, 17.3R2 on MX Series. No other Juniper Networks products or platforms are affected by this issue.
CVE-2017-10611
MEDIUMNVD 6.55.9▼
EchelonGraph scoreMEDIUM confidence
Score 5.9 from GitHub Security Advisory published 2022-05-13. NVD baseline CVSS 6.5; sources differ by 0.6.
Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
6.5
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
- Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 1%CVSS: 6.5Exploit: NoneExposed: 0
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 6.5
- EG Score
- 5.9(medium)
- EPSS
- 54.8%
- KEV
- Not listed
Published
October 13, 2017
Last Modified
May 13, 2026
References (2)
- sirt@juniperhttps://kb.juniper.net/JSA10814
- af854a3a-2127-422b-91ae-364da2661108https://kb.juniper.net/JSA10814
Data Freshness Timeline
(refreshed 10× in last 7d / 37× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-07 13:42 UTCEPSS rescore
- 2026-07-06 16:24 UTCEPSS rescore
- 2026-07-06 16:24 UTCEPSS rescore
- 2026-07-06 02:20 UTCEPSS rescore
- 2026-07-06 02:20 UTCEPSS rescore
- 2026-07-05 02:27 UTCEPSS rescore
- 2026-07-04 06:28 UTCEPSS rescore
- 2026-07-01 15:02 UTCEPSS rescore
- 2026-06-30 23:19 UTCEPSS rescore
- 2026-06-30 23:19 UTCEPSS rescore
- 2026-06-29 14:03 UTCEPSS rescore
- 2026-06-28 14:04 UTCEPSS rescore
- 2026-06-28 04:53 UTCEPSS rescore
- 2026-06-27 03:05 UTCEPSS rescore
- 2026-06-25 13:47 UTCEPSS rescore
- 2026-06-24 14:02 UTCEPSS rescore
- 2026-06-23 21:30 UTCEPSS rescore
- 2026-06-22 14:23 UTCEPSS rescore
- 2026-06-21 14:54 UTCEPSS rescore
- 2026-06-21 14:54 UTCEPSS rescore
- 2026-06-21 01:57 UTCEPSS rescore
- 2026-06-21 01:57 UTCEPSS rescore
- 2026-06-19 19:23 UTCEPSS rescore
- 2026-06-19 19:23 UTCEPSS rescore
- 2026-06-18 17:50 UTCEPSS rescore
Show 48 moreShow fewer
- 2026-06-18 17:50 UTCEPSS rescore
- 2026-06-17 17:50 UTCEPSS rescore
- 2026-06-17 17:50 UTCEPSS rescore
- 2026-06-16 17:50 UTCEPSS rescore
- 2026-06-15 17:45 UTCEPSS rescore
- 2026-06-14 23:14 UTCEPSS rescore
- 2026-06-14 23:14 UTCEPSS rescore
- 2026-06-13 22:57 UTCEPSS rescore
- 2026-06-13 22:57 UTCEPSS rescore
- 2026-06-12 23:09 UTCEPSS rescore
- 2026-06-11 13:57 UTCEPSS rescore
- 2026-06-08 14:14 UTCEPSS rescore
- 2026-06-07 15:22 UTCEPSS rescore
- 2026-06-07 15:22 UTCEPSS rescore
- 2026-06-06 13:45 UTCEPSS rescore
- 2026-06-06 13:45 UTCEPSS rescore
- 2026-06-05 22:44 UTCEPSS rescore
- 2026-06-05 06:08 UTCEPSS rescore
- 2026-06-05 06:08 UTCEPSS rescore
- 2026-06-04 13:10 UTCEPSS rescore
- 2026-06-04 13:10 UTCEPSS rescore
- 2026-06-02 20:10 UTCEPSS rescore
- 2026-06-01 13:49 UTCEPSS rescore
- 2026-06-01 13:49 UTCEPSS rescore
- 2026-05-31 22:28 UTCEPSS rescore
- 2026-05-31 22:28 UTCEPSS rescore
- 2026-05-31 00:14 UTCEPSS rescore
- 2026-05-29 13:41 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-27 13:38 UTCEPSS rescore
- 2026-05-27 13:38 UTCEPSS rescore
- 2026-05-26 13:42 UTCEPSS rescore
- 2026-05-26 13:42 UTCEPSS rescore
- 2026-05-26 07:17 UTCEPSS rescore
- 2026-05-24 16:44 UTCEPSS rescore
- 2026-05-22 21:15 UTCEPSS rescore
- 2026-05-22 08:59 UTCEG score recompute
- 2026-05-22 08:59 UTCGHSA enrichment
- 2026-05-20 22:37 UTCEPSS rescore
- 2026-05-20 22:37 UTCEPSS rescore
- 2026-05-20 22:37 UTCEPSS rescore
- 2026-05-20 21:03 UTCOSV refresh
- 2026-05-20 11:21 UTCEPSS rescore
- 2026-05-20 11:21 UTCEPSS rescore
- 2026-05-18 21:30 UTCEPSS rescore
- 2026-05-18 21:30 UTCEPSS rescore
- 2026-05-18 21:30 UTCEPSS rescore
Frequently asked(5)
What is CVE-2017-10611?
CVE-2017-10611 is a medium vulnerability published on October 13, 2017. If extended statistics are enabled via 'set chassis extended-statistics', when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart. Repeated crashes of PFE processing can result in an extended…
When was CVE-2017-10611 disclosed?
CVE-2017-10611 was first published in the National Vulnerability Database on October 13, 2017, with the most recent update on May 13, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2017-10611 actively exploited?
CVE-2017-10611 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 54.8% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2017-10611?
CVE-2017-10611 has a CVSS v3 base score of 6.5 (NVD). EchelonGraph synthesises NVD + CISA KEV + FIRST EPSS + GHSA into a combined EG score of 5.9.
How do I remediate CVE-2017-10611?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2017-10611, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2017-10611
Is Your Infrastructure Affected by CVE-2017-10611?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.