Wednesday, November 6, 2024
HomeCVE/vulnerabilityJuniper SRX Vulnerability Allows Attackers Trigger DoS Condition

Juniper SRX Vulnerability Allows Attackers Trigger DoS Condition

Published on

Malware protection

A vulnerability in Junos OS on SRX Series devices allows attackers to trigger a DoS attack by sending crafted valid traffic, which is caused by improper handling of exceptional conditions within the Packet Forwarding Engine (PFE) and leads to PFE crashes and restarts upon receiving the specific traffic. 

An attacker can exploit this by continuously sending the malicious traffic, causing a sustained DoS condition and potentially impacting network resource availability. 

An unauthenticated attacker on the network could use a vulnerability in Junos OS versions starting with 21.4R1 to affect SRX Series devices by causing a Denial-of-Service (DoS) condition. 

- Advertisement - SIEM as a Service
Severity Assessment (CVSS) Score

This vulnerability, which achieves a high severity rating according to both CVSS v3 (7.5) and v4 (8.7) scoring systems, allows an attacker to crash a critical process (PFE) by sending specific valid traffic to the device, which will lead to a service outage until the device is rebooted.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

A recently discovered vulnerability in Juniper’s Junos OS for SRX Series firewalls can cause a denial-of-service (DoS) condition, which exists in the Packet Forwarding Engine (PFE) and allows an unauthenticated attacker to crash the PFE through specifically crafted valid traffic. 

All Junos OS versions on SRX devices starting from 21.4R1 (including 21.4, 22.1, 22.2, 22.3, and 22.4) are susceptible if they haven’t been patched with the following updates: 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, or 22.3R3 (for 22.3).

While Juniper has not identified any active exploitation, applying the security patches is crucial to mitigating potential DoS attacks. 

Software releases 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, 22.3R3, 22.4R3, and 23.2R1, and all subsequent versions have been identified and resolved.

Be aware that versions 21.4R3-S7.9, 22.1R3-S5.3, and 22.2R3-S4.11 are updates of prior releases, so pay close attention to the complete version number, especially the last digits. 

The issue (1719594) identified on the Customer Support website cannot be evaluated by Juniper’s Security Incident Response Team (SIRT) because their policy excludes investigating releases that have surpassed either the End of Engineering (EOE) or the End of Life (EOL). 

The Security Incident Response Team (SIRT) inspects only software versions that are actively supported for security vulnerabilities. 

An issue was identified and documented on July 1st, 2024.

After investigation, it was determined that no temporary solutions or alternative methods (workarounds) are currently available to address this problem. This indicates that the issue is likely complex and may require a more permanent fix, such as a software patch or hardware update. 

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files

Latest articles

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, "ClickFix," has emerged. It exploits fake Google Meet and Zoom pages...

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware...

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to...

Hackers Created 100+ Fake Web Stores To Steal Millions Of Dollars From Customers

The Phish, 'n' Ships fraud operation leverages, compromised websites to redirect users to fake...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, "ClickFix," has emerged. It exploits fake Google Meet and Zoom pages...

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware...

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to...