Junos BGP FlowSpec Denial Of Service Vulnerability Network Vulnerability

Summary

Junos OS with BGB FlowSpec enabled are vulnerable to a Denial of Service attack.

Impact

Exploiting this issue may allow remote attackers to crash and restart the RPD (Routing Protocol Daemon), causing denial-of-service conditions.

Solution

New builds of Junos OS software are available from Juniper.

Insight

Receipt of a malformed BGP FlowSpec prefix may cause the router to trigger an assert (programmatic crash) when detecting a certain specification violation. Rather than simply flagging, logging, and/or dropping the packet, the routing process daemon (rpd) will crash and restart.

Affected

Junos OS 11.4, 12.1, 12.2, 12.3 and 13.1

Detection

Check the OS build.

References

http://kb.juniper.net/JSA10670

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6386
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Junos Flowd Denial of Service Vulnerability
Junos RSVP Denial of Service Vulnerability
Junos Multiple Privilege Escalation Vulnerabilities
Junos Web Filtering Denial of Service Vulnerability
Junos PIM Handling DoS Vulnerability

Junos BGP FlowSpec Denial of Service Vulnerability

Take action and discover your vulnerabilities