The MS-MPC or MS-MIC Service PIC may crash when large fragmented packets pass through an Application Layer Gateway (ALG). Repeated crashes of the Service PIC lead to a prolonged denial of service condition. This issue affects specific Junos OS versions on MX Series platforms.
Understanding CVE-2017-2346
This CVE involves a vulnerability in Juniper Networks' Junos OS that can result in a denial of service condition due to crashes in the MS-MPC or MS-MIC Service PIC when handling large fragmented traffic through an ALG.
What is CVE-2017-2346?
The vulnerability occurs when large fragmented packets are processed by NAT or stateful-firewall rules that have ALGs enabled, causing crashes in the Service PIC and leading to a denial of service condition. The issue is attributed to a code change in certain Junos OS versions.
The Impact of CVE-2017-2346
Technical Details of CVE-2017-2346
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The vulnerability in Junos OS can lead to repeated crashes of the MS-MPC or MS-MIC Service PIC, resulting in a prolonged denial of service situation when processing large fragmented packets through an ALG.
Affected Systems and Versions
The following Junos OS versions on MX Series platforms are affected:
Exploitation Mechanism
The vulnerability is exploited by passing large fragmented packets through an ALG with NAT or stateful-firewall rules enabled, triggering crashes in the Service PIC.
Mitigation and Prevention
To address CVE-2017-2346, follow these mitigation steps:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates