Juniper SRX Vulnerability Allows Attackers Trigger DoS Condition

A vulnerability in Junos OS on SRX Series devices allows attackers to trigger a DoS attack by sending crafted valid traffic, which is caused by improper handling of exceptional conditions within the Packet Forwarding Engine (PFE) and leads to PFE crashes and restarts upon receiving the specific traffic. 

An attacker can exploit this by continuously sending the malicious traffic, causing a sustained DoS condition and potentially impacting network resource availability. 

An unauthenticated attacker on the network could use a vulnerability in Junos OS versions starting with 21.4R1 to affect SRX Series devices by causing a Denial-of-Service (DoS) condition. 

This vulnerability, which achieves a high severity rating according to both CVSS v3 (7.5) and v4 (8.7) scoring systems, allows an attacker to crash a critical process (PFE) by sending specific valid traffic to the device, which will lead to a service outage until the device is rebooted.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

A recently discovered vulnerability in Juniper’s Junos OS for SRX Series firewalls can cause a denial-of-service (DoS) condition, which exists in the Packet Forwarding Engine (PFE) and allows an unauthenticated attacker to crash the PFE through specifically crafted valid traffic. 

All Junos OS versions on SRX devices starting from 21.4R1 (including 21.4, 22.1, 22.2, 22.3, and 22.4) are susceptible if they haven’t been patched with the following updates: 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, or 22.3R3 (for 22.3).

While Juniper has not identified any active exploitation, applying the security patches is crucial to mitigating potential DoS attacks. 

Software releases 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, 22.3R3, 22.4R3, and 23.2R1, and all subsequent versions have been identified and resolved.

Be aware that versions 21.4R3-S7.9, 22.1R3-S5.3, and 22.2R3-S4.11 are updates of prior releases, so pay close attention to the complete version number, especially the last digits. 

The issue (1719594) identified on the Customer Support website cannot be evaluated by Juniper’s Security Incident Response Team (SIRT) because their policy excludes investigating releases that have surpassed either the End of Engineering (EOE) or the End of Life (EOL). 

The Security Incident Response Team (SIRT) inspects only software versions that are actively supported for security vulnerabilities. 

An issue was identified and documented on July 1st, 2024.

After investigation, it was determined that no temporary solutions or alternative methods (workarounds) are currently available to address this problem. This indicates that the issue is likely complex and may require a more permanent fix, such as a software patch or hardware update. 

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files