Products

Solutions

Company

Book A Live Demo

CVE-2017-10608 : Security Advisory and Response

Learn about CVE-2017-10608 affecting Juniper Networks SRX series devices using IPv6 Sun/MS-RPC ALGs. Find out the impact, affected systems, and mitigation steps.

Devices from the Juniper Networks SRX series that have one or more ALGs enabled can experience a flowd crash when processing traffic through the Sun/MS-RPC ALGs. An exploit in the Sun/MS-RPC ALG services component of Junos OS allows attackers to repeatedly deny service to the target. This vulnerability only affects IPv6 traffic and is not observed in IPv4 traffic or to-host traffic. The issue is isolated to the ALG service and does not impact HA services or other Juniper Networks products or platforms.

Understanding CVE-2017-10608

This CVE involves a denial of service vulnerability affecting Juniper Networks SRX series devices using IPv6 Sun/MS-RPC ALGs.

What is CVE-2017-10608?

Vulnerability in Sun/MS-RPC ALG services component of Junos OS

Allows attackers to repeatedly deny service to the target

Specifically impacts IPv6 traffic on Juniper Networks SRX series devices

The Impact of CVE-2017-10608

Attack Complexity: Low

Attack Vector: Network

Availability Impact: High

CVSS Base Score: 7.5 (High)

No impact on Confidentiality or Integrity

No privileges required

Technical Details of CVE-2017-10608

This section provides detailed technical information about the vulnerability.

Vulnerability Description

Flowd crash when processing traffic through Sun/MS-RPC ALGs

Repeated denial of service against the target

Affected Systems and Versions

Platforms: SRX Series

Product: Junos OS

Affected Versions: 12.1X46 prior to 12.1X46-D55, 12.3X48 prior to 12.3X48-D32, 12.3X48-D35, 15.1X49 prior to 15.1X49-D60

Exploitation Mechanism

No known malicious exploitation reported

Vulnerability observed in a production network

Mitigation and Prevention

Protect your systems from CVE-2017-10608 with the following steps:

Immediate Steps to Take

Disable Sun/MS-RPC ALGs on SRX Series device

Disable IPv6 on the device

Filter incoming IPv6 or Sun/MS-RPC traffic

Long-Term Security Practices

Regularly update Junos OS to the latest patched versions

Implement network security best practices

Patching and Updates

Updated software releases: Junos OS 12.1X46-D55, 12.3X48-D32, 12.3X48-D35, 15.1X49-D60, 17.3R1, and subsequent releases

CVE-2017-10608 : Security Advisory and Response

Understanding CVE-2017-10608

What is CVE-2017-10608?

The Impact of CVE-2017-10608

Technical Details of CVE-2017-10608

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CVE-2017-10608 : Security Advisory and Response

.css-lczsrn{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:24px;font-weight:700;margin-top:1rem;font-family:sans-serif;}Understanding CVE-2017-10608

.css-ru2q5j{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:1.2rem;font-weight:700;margin-top:1rem;margin-bottom:0rem;font-family:sans-serif;}What is CVE-2017-10608?

The Impact of CVE-2017-10608

Technical Details of CVE-2017-10608

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities? Find Out Now

Understanding CVE-2017-10608

What is CVE-2017-10608?

Is your System Free of Underlying Vulnerabilities?
Find Out Now