Juniper Networks Junos OS Improper Input Validation Vulnerability in Syslog Stream TCP Transport on MX Series Devices Allowing CPU Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the syslog stream TCP transport of Juniper Networks Junos OS. This issue affects MX240, MX480, and MX960 devices with the MX-SPC3 Security Services Card. The vulnerability arises from improper input validation, allowing an unauthenticated, network-based attacker to send specific spoofed packets that cause a CPU denial-of-service condition on the MX-SPC3 service processing units (SPUs). The denial-of-service condition can be sustained by the continued receipt and processing of these specific packets. This vulnerability impacts all Junos OS versions prior to 22.2R3-S6, from 22.4 prior to 22.4R3-S4, from 23.2 prior to 23.2R2-S3, from 23.4 prior to 23.4R2-S4, and from 24.2 prior to 24.2R1-S2, as well as 24.2R2.

Impact

Exploitation of this vulnerability leads to a CPU denial-of-service condition on the affected MX-SPC3 service processing units, causing a significant spike in CPU utilization.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 5.7
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.