Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Junos ICMPv6 DoS Vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Junos OS is prone to a denial of service vulnerability in ICMPv6 PTB messages.
Insight
Insight
An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. The security implications of IP fragmentation have been discussed at length in various RFCs. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement RFC 6946. However, even nodes that already implement RFC 6946 can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. This issue is triggered by ICMPv6 traffic destined to the device. Transit IPv6 traffic will not cause this issue to occur, and IPv4 is unaffected by this vulnerability.
Affected Software
Affected Software
Junos OS 12.3X48, 14.1, 14.2, 15.1, 16.1 and 16.2
Detection Method
Detection Method
Checks if a vulnerable OS build is present on the target host.
Solution
Solution
New builds of Junos OS software are available from Juniper.