Juniper Junos snmpd SNMP Packet Handling RCE (JSA10793)
Critical Nessus Plugin ID 102706
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number and configuration, the remote Juniper Junos device is affected by a remote code execution vulnerability in the snmpd daemon due to improper handling of SNMP packets. An unauthenticated, remote attacker can exploit this, via a specially crafted SNMP packet, to cause a denial of service condition or the execution of arbitrary code..
SolutionUpgrade to the relevant Junos software release referenced in Juniper security advisory JSA10793. Alternatively, as a workaround, disable the SNMP service.