Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: 2019-10 Security Bulletin: SRX5000 Series: Denial of Service vulnerability in SSL-Proxy feature. (JSA10973) (multiple CVEs)

Back to Search

Juniper Junos OS: 2019-10 Security Bulletin: SRX5000 Series: Denial of Service vulnerability in SSL-Proxy feature. (JSA10973) (multiple CVEs)

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
10/10/2018
Created
10/12/2019
Added
10/10/2019
Modified
10/21/2019

Description

SSL-Proxy feature on SRX devices fails to handle a hardware resource limitation which can be exploited by remote SSL/TLS servers to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition. For this issue to occur, clients protected by the SRX device must initiate a connection to the malicious server. This issue affects: Juniper Networks Junos OS on SRX5000 Series: 12.3X48 versions prior to 12.3X48-D85; 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.

Solution(s)

  • juniper-junos-os-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;