Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Junos SRX Series: DoS Vulnerability in flowd
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Junos OS on SRX series is prone to a denial of service vulnerability.
Insight
Insight
The flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets. Upon the flowd crash, data plane redundancy groups will fail over to the secondary node in the chassis cluster while flowd on the primary node restarts. This issue only occurs in chassis cluster configurations, and only if PIM is enabled on the services gateway.
Affected Software
Affected Software
Junos OS 12.1X46, 12.3X48 and 15.1X49 on SRX Series.
Detection Method
Detection Method
Checks if a vulnerable OS build is present on the target host.
Solution
Solution
New builds of Junos OS software are available from Juniper. As a workaround disable transit multicast traffic by disabling PIM and isolate or disable the secondary node of the chassis cluster until the fix is implemented.