and other messages regarding SFP not found in the system. Fixing this issue requires a restart of the PFE. One of the possible ways to prevent this issue is to enable the feature "Stateful Packet Inspection" on the device. Since there is no stateful inspection in the PFE, unplugged SFPs are not detected. The best way to secure a device against this attack vector is to enable the feature "Stateful Packet Inspection" in the PFE of the device.

CVE-2017-18271 Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). By creating a malformed packet with a forged IP header, it is possible to cause the IPv4 parsing engine to consume resources of the device. This may lead to a DoS condition. The issue has been confirmed on standalone MR/EDR and SRX devices with software releases earlier than 12.3. In addition, the issue has been confirmed on Juniper Networks Junos operating systems running on IBM System X (formerly System x) servers.

CVE-2017-18272 Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). By creating a malformed packet with a forged IP header, it is possible to cause the IPv4 parsing engine to consume resources of the device. This may lead to a DoS condition. The issue has been confirmed on standalone MR/ED

Vulnerability Description

To resolve CVE-2017-18271, the following steps have been taken:
1. The feature "Stateful Packet Inspection" has been enabled on all SRX devices.
2. SRX devices with software releases earlier than 12.3 have been updated to version 12.3 or later.

Solution and Workaround

The workaround for this issue is to upgrade the device software to the latest release.

CVE-2017-18273 Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). By creating a malformed packet with a forged IP header, it is possible to cause the IPv4 parsing engine to consume resources of the device. This may lead to a DoS condition. The issue has been confirmed on standalone MR/EDR and SRX devices with software releases earlier than 12.3. In addition, the issue has been confirmed on Juniper Networks Junos operating systems running on IBM System X (formerly System x) servers.

Timeline

Published on: 10/18/2022 03:15:00 UTC

References