Product Affected:
This issue can affect ScreenOS 6.3.
Problem:
A denial of service (DoS) issue has been discovered in ScreenOS firewalls that can be exploited by remote unauthenticated attackers. When a malformed SSL/TLS protocol packet is sent to a vulnerable ScreenOS firewall, the firewall crashes and restarts, or, in an HA configuration, triggers a failover. The issue can be repeatedly exploited to create an extended denial of service condition.
Older versions of ScreenOS have reached the end of support milestone and have not been evaluated for the issue, but are likely affected. Customers are advised to upgrade to a fixed supported release once it is made available.
While Juniper has not seen any malicious exploitation of this vulnerability, the packet has been found in normal network activity.
No other Juniper Networks products or platforms are affected by this issue.
This issue has been assigned CVE-2014-2842.
Solution:
There is no software available at this time to resolve this issue. Software updates will be available in the near future. Until then, the workaround should be used. This advisory will be updated once software is made available on the support site.
KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.
Workaround:
Due to the likelihood of the specific packet occurring during normal activity, Juniper recommends disabling HTTPS administration until a software fix is available. This includes disabling HTTPS administration even on internal and protected networks.
This issue is completely mitigated when HTTPS management is disabled.
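To verify the workaround across a fleet, an administrator can scan exported ScreenOS configurations for every interface that still has HTTPS management enabled, internal zones included. The script below is an added example, not Juniper's code; it assumes the config export records per-interface HTTPS management as `set interface "<name>" manage ssl` and that `unset interface "<name>" manage ssl` removes it, and it runs on a constructed sample config rather than a real device dump.

```python
import re

# Constructed sample of a ScreenOS config export (not a real device dump).
# The 'set interface "<name>" manage ssl' form is an assumption about how
# ScreenOS records per-interface HTTPS management; check your own export.
SAMPLE_CONFIG = """\
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/0" ip 203.0.113.10/24
set interface "ethernet0/0" manage ping
set interface "ethernet0/1" zone "Trust"
set interface "ethernet0/1" ip 192.0.2.1/24
set interface "ethernet0/1" manage ssl
set interface "ethernet0/1" manage ssh
set interface "ethernet0/2" zone "DMZ"
set interface "ethernet0/2" manage ssl
"""

ZONE_RE = re.compile(r'^set interface "([^"]+)" zone "([^"]+)"\s*$')
MANAGE_RE = re.compile(r'^set interface "([^"]+)" manage (\S+)\s*$')


def https_management_exposure(config_text: str) -> dict:
    """Return {interface: zone} for each interface with HTTPS (ssl) management on.

    Interfaces in internal zones are reported too, because the workaround
    calls for disabling HTTPS administration on protected networks as well.
    """
    zones = {}
    ssl_ifaces = set()
    for line in config_text.splitlines():
        m = ZONE_RE.match(line)
        if m:
            zones[m.group(1)] = m.group(2)
            continue
        m = MANAGE_RE.match(line)
        if m and m.group(2) == "ssl":
            ssl_ifaces.add(m.group(1))
    return {name: zones.get(name, "unknown") for name in sorted(ssl_ifaces)}


def remediation_commands(exposure: dict) -> list:
    """Per-interface commands to remove HTTPS management (assumed 'unset' form)."""
    return [f'unset interface "{name}" manage ssl' for name in exposure]


if __name__ == "__main__":
    found = https_management_exposure(SAMPLE_CONFIG)
    for iface, zone in found.items():
        print(f"{iface} (zone {zone}): HTTPS management enabled")
    for cmd in remediation_commands(found):
        print(cmd)
```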