Medium Nessus Plugin ID 126925
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe version of the tested product installed on the remote host is prior to the fixed version in the advisory. It is, therefore, affected by a denial of service vulnerability that exists in RPD daemon. An unauthenticated, remote attacker can exploit this issue, by continuously sending a specific Draft-Rosen MVPN control packet, to repeatedly crash the RPD process causing a prolonged denial of service as referenced in the JSA10879 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionApply the relevant Junos software release referenced in Juniper advisory JSA10879