On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D72 12.3X48 versions prior to 12.3X48-D55 15.1X49 versions prior to 15.1X49-D90. Repeated crashes of the flowd daemon can result in an extended denial of service condition for the SRX device. Note: Authentication is required to detect this vulnerabilityĪ vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Earlier releases are unaffected by this vulnerability, and the issue has been resolved in Junos OS 16.1R1 and all subsequent releases. This issue only affects devices running Junos OS 15.1. Devices with IS-IS configured on the interface are not vulnerable to this issue unless CLNS routing is also enabled. Devices with without CLNS enabled are not vulnerable to this issue. Devices are only vulnerable to the specially crafted CLNP datagram if 'clns-routing' or ES-IS is explicitly configured. Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. (Based on CVE version 20061101 and SANS Top 20 version 7.) For the current documentation, please log into the mySAINT portal using your customer login and password. CVE Cross Reference 2018 The information on this page may be obsolete.
0 kommentar(er)
