Junos FPC Denial Of Service Vulnerability Network Vulnerability

Impact

An attacker can cause the RE to be unable to communicate over the private network that connects the FPCs and REs eventually causing all FPCs to go offline and stay offline. Systems with redundant REs will failover, but would then be subject to the same issue.

Solution

New builds of Junos OS software are available from Juniper. As a workaround filter fragmented packets destined to the router.

Insight

Traffic between the RE and transit interfaces is carried over an internal network between the PFEs and REs. Some REs use em interfaces (usually, em0 and em1) to connect to this network. Receipt of a carefully crafted set of fragmented packets, destined to the router, can cause the em driver to become permanently blocked when trying to formulate a reply.

Affected

Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2

Detection

Check the OS build.

References

http://kb.juniper.net/JSA10655
http://www.securityfocus.com/bid/70369

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6380
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Junos DNSSEC validation Denial of Service
Junos SIP ALG Denial of Service Vulnerability
Junos Multiple Privilege Escalation Vulnerabilities in Junos CLI
Junos BGP UPDATE Denial of Service Vulnerability
Junos Kernel Panic Denial of Service Vulnerability

Junos FPC Denial of Service Vulnerability

Take action and discover your vulnerabilities