A denial-of-service vulnerability has been identified in Juniper Networks Junos OS, all versions prior to 21.2R3-S9, from 21.4 prior to 21.4R3-S10, from 22.2 prior to 22.2R3-S6, from 22.4 prior to 22.4R3-S7, from 23.2 prior to 23.2R2-S3, from 23.4 prior to 23.4R2-S3, and from 24.2 prior to 24.2R1-S1 and 24.2R2. This vulnerability arises from an improper handling of exceptional conditions in the Berkeley Packet Filter (BPF) processing. Under certain rare circumstances, an attacker can send specific, unknown traffic patterns that trigger a race condition, causing the Flexible PIC Concentrator (FPC) and the system to crash and restart. This issue is more likely to occur when packet capturing is enabled, creating a timing issue that leads to an internal structure leakage and subsequent system crash.
Exploitation of this vulnerability causes the system and FPC to crash and restart.
To reproduce this vulnerability, enable packet capture on a Junos OS device. This can be done through the J-Web or CLI configuration editor. Once packet capture is active, monitor the interface for specific traffic patterns that may trigger the race condition, causing the system to crash. This vulnerability has been observed in a lab environment under similar conditions.
Users can upgrade to Junos OS versions 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S7, 23.2R2-S3, 23.4R2-S3, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
