Junos IPv6 To IPv4 Translating Denial Of Service Vulnerability Network Vulnerability

Summary

DoS when translating from IPv6 to IPv4.

Impact

Unauthenticated attackers can cause a DoS condition by repeatedly exploiting this vulnerability.

Solution

New builds of Junos OS software are available from Juniper. As a workaround disable NAT translation from IPv6 to IPv4 if not required.

Insight

A denial of service (DoS) issue has been discovered in Juniper SRX Series products that can be exploited by remote unauthenticated attackers. This issue takes place when a certain malformed packet is translated from IPv6 to IPv4. When this malformed packet is sent to a vulnerable SRX Series device, the flowd process may crash.

Affected

Junos OS 11.4, 12.1, 12.1X44, 12.1X45 and 12.1X46.

Detection

Check the OS build.

References

http://kb.juniper.net/JSA10641

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3822
CVSS Base Score: 5.4
AV:N/AC:H/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Junos CVE-2004-0468
Junos J-Web Persistent Cross Site Scripting Vulnerability
Junos flowd Buffer Overflow Vulnerability
Junos OSPF Protocol Vulnerability
Junos OpenSSL Denial of Service Vulnerability

Junos IPv6 to IPv4 Translating Denial of Service Vulnerability

Take action and discover your vulnerabilities