Juniper Networks Junos OS
cpe:2.3:a:juniper:junos:*:*:*:*:*:*:*, +2 more
- >= 24.4, < 24.4R1-S3
- >= 24.4R2
A denial-of-service vulnerability has been identified in the chassis control daemon (chassisd) of Juniper Networks Junos OS, specifically on SRX1600, SRX2300, and SRX4300 platforms running certain 24.4 versions. This vulnerability allows a local attacker with low privileges to cause chassisd to crash and restart, temporarily disrupting all traffic until the modules are back online. The issue arises when the 'show chassis' CLI command is executed.
Exploitation of this vulnerability leads to a complete denial-of-service condition, causing the chassisd process to crash and restart. This interruption temporarily affects all traffic until the system modules are fully operational again.
Users can upgrade to Junos OS versions 24.4R1-S3, 24.4R2, 25.2R1, or any subsequent release to address this vulnerability. Additionally, access lists or firewall filters can be used to restrict CLI access to trusted hosts and administrators, and CLI authorization can be implemented to prevent the execution of the 'show chassis' command.
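To check the CLI-authorization mitigation described above, the following added example (not Juniper's code and not from the original advisory) audits a Junos configuration exported in set format and lists the users whose login class has no deny-commands regular expression matching 'show chassis'. The sample configuration, class names and user names are constructed; the script assumes Python's `re` is a close enough stand-in for Junos regex matching, and it does not model permission flags or allow-commands.

```python
import re
import shlex

# Constructed sample in Junos "display set" form; all names are hypothetical.
SAMPLE_CONFIG = '''\
set system login class noc permissions view
set system login class noc deny-commands "^show chassis"
set system login class helpdesk permissions view
set system login class helpdesk deny-commands "^request system"
set system login user alice class noc
set system login user bob class helpdesk
set system login user carol class read-only
'''

PROBE = "show chassis"  # the command named in the advisory text


def parse_login(config):
    """Return ({class: [deny regexes]}, {user: class}) from set-format lines."""
    deny, users = {}, {}
    for line in config.splitlines():
        tok = shlex.split(line)
        if tok[:3] != ["set", "system", "login"] or len(tok) < 6:
            continue
        if tok[3] == "class":
            deny.setdefault(tok[4], [])
            if tok[5] == "deny-commands" and len(tok) > 6:
                deny[tok[4]].append(tok[6])
        elif tok[3] == "user" and tok[5] == "class" and len(tok) > 6:
            users[tok[4]] = tok[6]
    return deny, users


def users_able_to_run(config, command=PROBE):
    """Users whose login class has no deny-commands regex matching command."""
    deny, users = parse_login(config)
    exposed = []
    for user, cls in sorted(users.items()):
        # Predefined classes (e.g. read-only) carry no deny list in the config.
        patterns = deny.get(cls, [])
        if not any(re.search(p, command) for p in patterns):
            exposed.append((user, cls))
    return exposed


if __name__ == "__main__":
    for user, cls in users_able_to_run(SAMPLE_CONFIG):
        print(f"{user} (class {cls}) is not denied '{PROBE}'")
```

Users reported here still need review by hand, since a class without the view permission cannot run show commands in the first place.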