Impact
An attacker can leave the RE unable to communicate over the private network that connects the FPCs and REs, eventually causing all FPCs to go offline and stay offline. Systems with redundant REs will fail over, but would then be subject to the same issue.
Solution
New builds of Junos OS software are available from Juniper. As a workaround, filter fragmented packets destined to the router.
Insight
Traffic between the RE and transit interfaces is carried over an internal network between the PFEs and REs. Some REs use em interfaces (usually em0 and em1) to connect to this network. Receipt of a carefully crafted set of fragmented packets destined to the router can cause the em driver to become permanently blocked when trying to formulate a reply.
Affected
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2
Detection
Check the OS build.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-6380
CVSS Base Score: 7.8
CVSS Base Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C