SRX5000 Series with SPC3, SRX4000 Series, and vSRX: When PowerMode IPsec is configured, the PFE will crash upon receipt of a malformed ESP packet
A firewall device (Juniper SRX) can crash when it receives a malformed encrypted network packet if a specific security feature (PowerMode IPsec) is enabled. An attacker on the network can trigger this crash without needing special access, causing the firewall to stop working temporarily.
The Packet Forwarding Engine (PFE) in Juniper SRX devices fails to properly validate the structure of ESP (Encapsulating Security Payload) packets when PowerMode IPsec is active, allowing an unauthenticated network-based attacker to craft malformed packets matching an established IPsec tunnel and trigger a PFE crash, resulting in Denial of Service. Affected platforms include SRX5000 Series with SPC3, SRX4000 Series, and vSRX across multiple Junos OS versions prior to specified patches.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →