A vulnerability in Junos OS on SRX Series devices allows an unauthenticated attacker to cause a Denial-of-Service (DoS) condition by sending specifically crafted valid traffic. The flaw stems from improper handling of exceptional conditions within the Packet Forwarding Engine (PFE), which crashes and restarts when it processes that traffic. Junos OS versions starting from 21.4R1 are affected, and exploitation can result in network service disruptions.
The vulnerability has a high severity rating, with CVSS v3 scoring it at 7.5 and CVSS v4 at 8.7. By continuously sending malicious traffic, attackers can induce a sustained DoS condition, significantly impacting the availability of network resources. This issue highlights the critical need for timely updates to mitigate such risks.
Juniper has identified the affected versions and released fixes in updates including 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, and 22.3R3. Users are strongly advised to apply these patches to protect their systems from potential DoS attacks. Juniper has not reported any active exploitation of this vulnerability but stresses the importance of installing the security updates to prevent future issues.
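The following Python example is added here and is not Juniper's code or part of the original advisory: it classifies Junos version strings from an SRX inventory against the fixed releases listed above. The version format (`<major>.<minor>R<n>[-S<n>[.<n>]]`), the function names and the sample inventory are assumptions; because the list above is introduced with "including", release trains not named on this page are reported as unknown rather than safe.

```python
import re

# Fixed releases per train, exactly as listed on this page. The page says
# "including", so trains missing here are reported as unknown, not as safe.
FIXED = {
    (21, 4): "21.4R3-S7.9",
    (22, 1): "22.1R3-S5.3",
    (22, 2): "22.2R3-S4.11",
    (22, 3): "22.3R3",
}
FIRST_AFFECTED_TRAIN = (21, 4)  # page: affected starting from 21.4R1

# Assumed version layout: <major>.<minor>R<release>[-S<service>[.<spin>]]
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+)(?:\.(\d+))?)?$")


def parse(version):
    """Split '21.4R3-S7.9' into ((21, 4), (3, 7, 9)); absent parts count as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc, spin = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc, spin)


def assess(version):
    """Return 'not-affected', 'vulnerable', 'patched' or 'unknown'."""
    train, level = parse(version)
    if train < FIRST_AFFECTED_TRAIN:
        return "not-affected"
    if train not in FIXED:
        return "unknown"  # consult the vendor advisory for this train
    _, fixed_level = parse(FIXED[train])
    # Numeric tuple comparison, so S4.9 correctly sorts below S4.11.
    return "patched" if level >= fixed_level else "vulnerable"


if __name__ == "__main__":
    # Constructed inventory of SRX hostnames and versions, for illustration only.
    inventory = {"srx-edge-1": "21.4R3-S5.4", "srx-edge-2": "22.2R3-S4.11",
                 "srx-lab": "22.4R2", "srx-old": "20.4R3-S9"}
    for host, ver in inventory.items():
        print(f"{host:12} {ver:14} {assess(ver)}")
```

Feed it the version reported by each SRX device; any `vulnerable` or `unknown` result should be checked against Juniper's advisory before scheduling the upgrade.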
No temporary workarounds or alternative solutions are available for this problem, indicating its complexity. The issue, documented on July 1, 2024, underscores the need for permanent fixes such as software patches or hardware updates to address the vulnerability effectively.