SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version, the Junos OS installed on the remote host is affected by a denial of service (DoS) vulnerability. On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore).
This issue can be trigged by IPv4 or IPv6 and it is caused only by TCP packets. This issue is not related to any specific configuration and it affects Junos OS releases starting from 17.4R1. However, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is configured [edit routing-options nonstop-routing].
The number of mbufs is platform dependent. Once the device runs out of mbufs, the FPC crashes or the vmcore occurs and the device might become inaccessible requiring a manual restart.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported versio number.
SolutionApply the relevant Junos software release referenced in Juniper advisory JSA11040