Juniper Networks Junos OS SRX Series Web-Filtering Module Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Web-Filtering module of Juniper Networks Junos OS on SRX Series devices. This vulnerability arises from improper validation of the syntactic correctness of input, allowing an unauthenticated, network-based attacker to cause an FPC crash and restart. The issue occurs when a device configured for UTM Web-Filtering receives a specifically malformed SSL packet. Affected versions include Junos OS 23.2 (from 23.2R2-S2 prior to 23.2R2-S5), 23.4 (from 23.4R2-S1 prior to 23.4R2-S5), 24.2 (prior to 24.2R2-S2), and 24.4 (prior to 24.4R1-S3 and 24.4R2). Earlier versions of Junos are also affected, but no fix is available.

Impact

Exploitation of this vulnerability leads to a crash of the forwarding plane component (FPC), causing a denial-of-service condition on the affected device.

Reproduction

To reproduce this vulnerability, configure a Juniper SRX device with a UTM policy that includes web-filtering. Then, send a malformed SSL packet to the device. The packet's specific characteristics should exploit the improper validation in the web-filtering module, causing an FPC crash and restart.

Remediation

Users can upgrade to Junos OS versions 23.2R2-S5, 23.4R2-S5, 24.2R2-S2, 24.4R1-S3, 24.4R2, 25.2R1, or any subsequent release. This vulnerability is tracked as PR1876037.
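
A version check against the ranges listed above, as an added example that is not part of the original advisory or of Juniper's tooling. The function names and the "unlisted" and "unparsed" statuses are assumptions of this example. It does not check whether UTM Web-Filtering is configured, which the advisory gives as a precondition.

```python
import re

# Ranges transcribed from the advisory text above. Per train: the first
# affected release as (R, S), or None where the advisory gives no lower
# bound, and the fixed releases as (R, S).
TRAINS = {
    (23, 2): ((2, 2), [(2, 5)]),
    (23, 4): ((2, 1), [(2, 5)]),
    (24, 2): (None, [(2, 2)]),
    (24, 4): (None, [(1, 3), (2, 0)]),
}
FIRST_FIXED_TRAIN = (25, 2)  # 25.2R1 "or any subsequent release"

# Matches NN.NRn with an optional -Sn; a trailing build suffix is ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_junos(version):
    """Return ((major, minor), (R, S)), or None if the string does not match."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc)


def classify(version):
    """Return 'affected', 'fixed', 'unlisted' or 'unparsed'."""
    parsed = parse_junos(version)
    if parsed is None:
        return "unparsed"
    train, release = parsed
    if train >= FIRST_FIXED_TRAIN:
        return "fixed"
    if train not in TRAINS:
        # The advisory says earlier versions are also affected with no fix,
        # so anything 'unlisted' needs manual review, not a pass.
        return "unlisted"
    first_affected, fixes = TRAINS[train]
    rel, svc = release
    # Fixed: same R as a fixed release with S at or above it, or a later R.
    if any(rel == fr and svc >= fs for fr, fs in fixes) or rel > max(f[0] for f in fixes):
        return "fixed"
    if first_affected is not None and release < first_affected:
        return "unlisted"
    return "affected"
```

Feed it the release string reported by each device in the inventory; treat "unlisted" and "unparsed" results as items for manual review.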

Added: Jan 15, 2026, 9:21 PM
Updated: Jan 15, 2026, 9:21 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 7.3
remediation: 7.7
relevance: 2.1
threat: 1.6
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.