JunOS Local Security Checks : Juniper Networks Junos OS QFX Series: PFE DoS Vulnerability (JSA10747)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.106071

Category: JunOS Local Security Checks

Title: Juniper Networks Junos OS QFX Series: PFE DoS Vulnerability (JSA10747)

Summary: Junos OS on QFX series is prone to a denial of service (DoS); vulnerability in PFE.

Description: Summary:
Junos OS on QFX series is prone to a denial of service (DoS)
vulnerability in PFE.

Vulnerability Insight:
A vulnerability in handling high rate of certain VXLAN packets
may result in a PFE panic causing a denial of service condition. This issue can occur only when
ping or traceroute command with overlay option is being run on the device.

This issue only affects the QFX series devices with Junos 14.1X53 prior to 14.1X53-D30.
QFX 10k series devices are not affected.

Vulnerability Impact:
An attacker may cause a PFE panic which leads to a denial of
service condition.

Affected Software/OS:
Junos OS 14.1.

Solution:
New builds of Junos OS software are available from Juniper.

As a workaround disable VXLAN or block VXLAN packets.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-1274

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.106071
Category:	JunOS Local Security Checks
Title:	Juniper Networks Junos OS QFX Series: PFE DoS Vulnerability (JSA10747)
Summary:	Junos OS on QFX series is prone to a denial of service (DoS); vulnerability in PFE.
Description:	Summary: Junos OS on QFX series is prone to a denial of service (DoS) vulnerability in PFE. Vulnerability Insight: A vulnerability in handling high rate of certain VXLAN packets may result in a PFE panic causing a denial of service condition. This issue can occur only when ping or traceroute command with overlay option is being run on the device. This issue only affects the QFX series devices with Junos 14.1X53 prior to 14.1X53-D30. QFX 10k series devices are not affected. Vulnerability Impact: An attacker may cause a PFE panic which leads to a denial of service condition. Affected Software/OS: Junos OS 14.1. Solution: New builds of Junos OS software are available from Juniper. As a workaround disable VXLAN or block VXLAN packets. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1274
Copyright	Copyright (C) 2016 Greenbone AG