Vulnerability identifier: #VU68328
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-755
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Junos OS Evolved
Operating systems & Components /
Operating system
Vendor: Juniper Networks, Inc.
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of errors in the Packet Forwarding Engine (PFE) when processing IPv6 transit traffic. A remote attacker can send specially crafted input through the device and cause increased CPU utilization, which can result in denial of service (DoS).
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Junos OS Evolved: 21.4R1-EVO, 21.2-EVO - 21.2R3-S1-EVO, 21.1 - 21.1R3-S1-EVO, 22.1-EVO, 21.3-EVO - 21.3R2-S2-EVO
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.