Juniper Junos SRX Series flowd telnet Messages Remote Code Execution (JSA10594)
Critical Nessus Plugin ID 70479
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number, the remote Juniper Junos SRX series device is affected by a remote code execution vulnerability. A remote attacker can send specially crafted Telnet messages to cause a buffer overflow the flow daemon (flowd).
Note that this issue only affects devices with telnet pass-through authentication enabled on the device.
SolutionApply the relevant Junos software release or workaround referenced in Juniper advisory JSA10594.