Juniper Junos SRX Series NAT IPv6 to IPv4 Remote DoS (JSA10635)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version number, the remote Juniper
Junos SRX series device is affected by a denial of service
vulnerability. A remote attacker, by sending a specially crafted
packet to an SRX series device, can crash the 'flowd' process when the
packet is translated from IPv6 to IPv4.

Note that this issue only affects devices with NAT protocol
translation from IPv6 to IPv4 enabled.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10635

Solution :

Apply the relevant Junos software release or workaround referenced in
Juniper advisory JSA10635.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Junos Local Security Checks

Nessus Plugin ID: 76504 ()

Bugtraq ID: 68545

CVE ID: CVE-2014-3817

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now