CVE-2017-10619 : Exploit Details and Defense Strategies

When configuring Express Path on Juniper Networks SRX high-end platforms in high availability cluster mode, a vulnerability can lead to a denial of service due to multicast packets.

Understanding CVE-2017-10619

This CVE involves a denial of service vulnerability in flowd on specific Juniper Networks SRX platforms when Express Path is configured in high availability cluster mode.

What is CVE-2017-10619?

Configuring Express Path on SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster mode can cause flowd process crashes due to certain multicast packets.
This can interrupt traffic flow, triggering fail-over to the secondary node and potentially leading to a denial of service situation.

The Impact of CVE-2017-10619

CVSS Base Score: 7.5 (High)
Attack Vector: Network
Availability Impact: High
Attack Complexity: Low
The vulnerability can result in extended denial of service and data-plane fail-over.

Technical Details of CVE-2017-10619

Vulnerability Description

Express Path configuration on specific Juniper Networks SRX platforms can crash the flowd process with multicast packets, impacting traffic flow.

Affected Systems and Versions

Affected Platforms: SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800
Affected Versions: Junos OS 12.3X48 prior to 12.3X48-D45, 15.1X49 prior to 15.1X49-D80

Exploitation Mechanism

No known malicious exploitation reported by Juniper SIRT.

Mitigation and Prevention

Immediate Steps to Take

Update to fixed software releases: Junos OS 12.3X48-D45, 15.1X49-D80, 17.3R1, or later.

Long-Term Security Practices

Regularly review and apply software updates and patches.
Monitor for any abnormal traffic patterns or flowd process crashes.

Patching and Updates

The issue is tracked as PR 1233849 and can be found on the Customer Support website.