Juniper Networks Junos OS SRX Series Packet Forwarding Engine Denial-of-Service Vulnerability via ICMP over GRE

Vulnerability

A denial-of-service vulnerability has been identified in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series devices. This vulnerability allows an unauthenticated network-based attacker to send a specific ICMP packet through a GRE tunnel, causing the PFE to crash and restart. The issue arises when PowerMode IPsec (PMI) and GRE performance acceleration are enabled. PMI, which is enabled by default, enhances IPsec performance using Vector Packet Processing. The vulnerability leads to traffic loss, as the PFE crash disrupts normal packet forwarding.

Impact

Exploitation of this vulnerability causes the packet forwarding engine to crash and restart, which results in traffic loss and disrupts network services.

Reproduction

To reproduce this vulnerability, ensure that PowerMode IPsec and GRE performance acceleration are enabled on a Junos OS SRX Series device. Then, send a specific ICMP packet through an active GRE tunnel. The packet forwarding engine will crash and restart, causing a loss of traffic.

Remediation

Users can update to Junos OS versions 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S5, 24.2R2-S3, 24.4R2-S1, 25.2R1-S1, 25.2R2, 25.4R1, or any subsequent release. Alternatively, GRE performance acceleration can be disabled or PowerMode IPsec can be turned off.
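The following added example (not Juniper's code and not part of the original advisory) triages a device inventory against the fixed releases listed above. It assumes "any subsequent release" means a higher R/S number within the same release train or any train newer than 25.4; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed releases exactly as listed in the Remediation section above.
FIXED = ["21.4R3-S12", "22.4R3-S8", "23.2R2-S5", "23.4R2-S5", "24.2R2-S3",
         "24.4R2-S1", "25.2R1-S1", "25.2R2", "25.4R1"]

# MAJOR.MINOR R<n> [-S<n>] [.<build>]; other release types are not parsed.
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Return (major, minor, R, S) or None; S is 0 without a service release."""
    m = _VER.match(version.strip())
    if not m:
        return None
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0))

def fix_status(version):
    """Classify a running release against the advisory's fixed list."""
    v = parse(version)
    if v is None:
        return "unparsed"
    fixed = [parse(f) for f in FIXED]
    same_train = [f for f in fixed if f[:2] == v[:2]]
    if same_train:
        # Assumption: the lowest listed fix in a train covers all later ones.
        return "fixed" if v >= min(same_train) else "below-fix"
    if v[:2] > max(f[:2] for f in fixed):
        return "fixed"  # train newer than every listed fix
    return "no-fix-listed"  # advisory names no fixed release for this train

def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: fix_status(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "srx-edge-1": "22.4R3-S7.2",
    "srx-edge-2": "22.4R3-S8",
    "srx-dc-1": "25.2R1",
    "srx-lab-1": "23.1R1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

A "below-fix" result only means the release predates the listed fix; per the advisory, the crash also requires PowerMode IPsec and GRE performance acceleration to be enabled.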

Added: Jan 15, 2026, 9:28 PM
Updated: Jan 15, 2026, 9:28 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 6.9
remediation: 8.3
relevance: 2.1
threat: 1.6
urgency: 10.0
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.