Description

A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.

Related CPE's

o

juniper

junos

45

h

juniper

srx100

-

h

juniper

srx110

-

h

juniper

srx1400

-

h

juniper

srx1500

-

h

juniper

srx1600

-

h

juniper

srx210

-

h

juniper

srx220

-

h

juniper

srx2300

-

h

juniper

srx240

-

h

juniper

srx240h2

-

h

juniper

srx240m

-

h

juniper

srx300

-

h

juniper

srx320

-

h

juniper

srx340

-

h

juniper

srx3400

-

h

juniper

srx345

-

h

juniper

srx3600

-

h

juniper

srx380

-

h

juniper

srx4000

-

h

juniper

srx4100

-

h

juniper

srx4200

-

h

juniper

srx4300

-

h

juniper

srx4600

-

h

juniper

srx4700

-

h

juniper

srx5000

-

h

juniper

srx5400

-

h

juniper

srx550

-

h

juniper

srx550_hm

-

h

juniper

srx550m

-

h

juniper

srx5600

-

h

juniper

srx5800

-

h

juniper

srx650

-

References

https://supportportal.juniper.net/JSA82988

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-134

[email protected]

Secondary
CWE-134

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-07-11T16:15:04.343

3 months ago

Last modified

2024-09-23T14:08:47.240

4 weeks ago