Tuesday, November 12, 2024
HomeCVE/vulnerabilityJuniper SRX Vulnerability Allows Attackers Trigger DoS Condition

Juniper SRX Vulnerability Allows Attackers Trigger DoS Condition

Published on

Malware protection

A vulnerability in Junos OS on SRX Series devices allows attackers to trigger a DoS attack by sending crafted valid traffic, which is caused by improper handling of exceptional conditions within the Packet Forwarding Engine (PFE) and leads to PFE crashes and restarts upon receiving the specific traffic. 

An attacker can exploit this by continuously sending the malicious traffic, causing a sustained DoS condition and potentially impacting network resource availability. 

An unauthenticated attacker on the network could use a vulnerability in Junos OS versions starting with 21.4R1 to affect SRX Series devices by causing a Denial-of-Service (DoS) condition. 

- Advertisement - SIEM as a Service
Severity Assessment (CVSS) Score

This vulnerability, which achieves a high severity rating according to both CVSS v3 (7.5) and v4 (8.7) scoring systems, allows an attacker to crash a critical process (PFE) by sending specific valid traffic to the device, which will lead to a service outage until the device is rebooted.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

A recently discovered vulnerability in Juniper’s Junos OS for SRX Series firewalls can cause a denial-of-service (DoS) condition, which exists in the Packet Forwarding Engine (PFE) and allows an unauthenticated attacker to crash the PFE through specifically crafted valid traffic. 

All Junos OS versions on SRX devices starting from 21.4R1 (including 21.4, 22.1, 22.2, 22.3, and 22.4) are susceptible if they haven’t been patched with the following updates: 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, or 22.3R3 (for 22.3).

While Juniper has not identified any active exploitation, applying the security patches is crucial to mitigating potential DoS attacks. 

Software releases 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, 22.3R3, 22.4R3, and 23.2R1, and all subsequent versions have been identified and resolved.

Be aware that versions 21.4R3-S7.9, 22.1R3-S5.3, and 22.2R3-S4.11 are updates of prior releases, so pay close attention to the complete version number, especially the last digits. 

The issue (1719594) identified on the Customer Support website cannot be evaluated by Juniper’s Security Incident Response Team (SIRT) because their policy excludes investigating releases that have surpassed either the End of Engineering (EOE) or the End of Life (EOL). 

The Security Incident Response Team (SIRT) inspects only software versions that are actively supported for security vulnerabilities. 

An issue was identified and documented on July 1st, 2024.

After investigation, it was determined that no temporary solutions or alternative methods (workarounds) are currently available to address this problem. This indicates that the issue is likely complex and may require a more permanent fix, such as a software patch or hardware update. 

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...