Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Junos TCP Packet Processing Denial of Service Vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
DoS in TCP packet processing
Insight
Insight
For an established TCP session, TCP input validation only ensures that sequence numbers are within the acceptable window prior to examining whether the SYN flag is set on the segment. If the SYN flag is set, the TCP stack drops the session and sends a RST segment to the other side. This issue only affects TCP sessions terminating on the router. Transit traffic and TCP Proxy services are unaffected by this vulnerability.
Affected Software
Affected Software
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3
Detection Method
Detection Method
Checks if a vulnerable OS build is present on the target host.
Solution
Solution
New builds of Junos OS software are available from Juniper. As a workaround enable TCP authentication, enable IPSec, enable the system to send ACKs for in-window RSTs and SYN packets, enable a stateful firewall to block SYN packets on existing sessions.