A denial-of-service vulnerability has been identified in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series routers. This issue arises in DS-Lite and NAT scenarios, where crafted IPv6 traffic can block ports assigned to users, preventing the establishment of new connections. Affected ports must be manually freed by restarting the relevant FPC/PIC. The vulnerability affects Junos OS versions 21.2 prior to 21.2R3-S8, 21.4 prior to 21.4R3-S7, 22.1 prior to 22.1R3-S6, 22.2 prior to 22.2R3-S4, 22.3 prior to 22.3R3-S3, 22.4 prior to 22.4R3-S2, 23.2 prior to 23.2R2-S1, and 23.4 prior to 23.4R1-S2 and in 23.4R2. Versions before 20.2R1 are not affected.
Exploitation of this vulnerability leads to a denial-of-service condition, where blocked ports prevent users from establishing new connections, causing disruption of services. Affected ports must be manually restarted to restore functionality.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
