Junos OS: MX240, MX480, MX960 with SPC3: An attacker sending specific packets will cause a CPU utilization DoS.
Description
An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs.
Continued receipt and processing of these specific packets will sustain the DoS condition.
This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R1-S2, 24.2R2
An indicator of compromise will indicate the SPC3 SPUs utilization has spiked.
For example: user@device> show services service-sets summary Service sets CPU Interface configured Bytes used Session bytes used Policy bytes used utilization "interface" 1 "bytes" (percent%) "sessions" ("percent"%) "bytes" ("percent"%) 99.97 % OVLD <<<<<< look for high CPU usage
Affected products
2<22.2R3-S6, >=22.4 <22.4R3-S4, >=23.2 <23.2R2-S3, >=23.4 <23.4R2-S4, >=24.2 <24.2R1-S2, 24.2R2+ 1 more
- (no CPE)range: <22.2R3-S6, >=22.4 <22.4R3-S4, >=23.2 <23.2R2-S3, >=23.4 <23.4R2-S4, >=24.2 <24.2R1-S2, 24.2R2
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1- supportportal.juniper.net/JSA96459mitrevendor-advisory
News mentions
0No linked articles in our index yet.