First published: Wed Oct 09 2019(Updated: )
The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper JUNOS | =15.1x49 | |
Juniper JUNOS | =15.1x49-d10 | |
Juniper JUNOS | =15.1x49-d100 | |
Juniper JUNOS | =15.1x49-d110 | |
Juniper JUNOS | =15.1x49-d120 | |
Juniper JUNOS | =15.1x49-d130 | |
Juniper JUNOS | =15.1x49-d140 | |
Juniper JUNOS | =15.1x49-d150 | |
Juniper JUNOS | =15.1x49-d160 | |
Juniper JUNOS | =15.1x49-d170 | |
Juniper JUNOS | =15.1x49-d20 | |
Juniper JUNOS | =15.1x49-d30 | |
Juniper JUNOS | =15.1x49-d35 | |
Juniper JUNOS | =15.1x49-d40 | |
Juniper JUNOS | =15.1x49-d45 | |
Juniper JUNOS | =15.1x49-d50 | |
Juniper JUNOS | =15.1x49-d55 | |
Juniper JUNOS | =15.1x49-d60 | |
Juniper JUNOS | =15.1x49-d65 | |
Juniper JUNOS | =15.1x49-d70 | |
Juniper JUNOS | =15.1x49-d75 | |
Juniper JUNOS | =15.1x49-d80 | |
Juniper JUNOS | =15.1x49-d90 | |
Juniper Csrx | ||
Juniper Srx100 | ||
Juniper Srx110 | ||
Juniper Srx1400 | ||
Juniper Srx1500 | ||
Juniper Srx210 | ||
Juniper Srx220 | ||
Juniper Srx240 | ||
Juniper Srx300 | ||
Juniper Srx320 | ||
Juniper Srx340 | ||
Juniper Srx3400 | ||
Juniper Srx345 | ||
Juniper Srx3600 | ||
Juniper Srx4100 | ||
Juniper Srx4200 | ||
Juniper Srx4600 | ||
Juniper Srx5400 | ||
Juniper Srx550 | ||
Juniper Srx550 Hm | ||
Juniper Srx5600 | ||
Juniper Srx5800 | ||
Juniper Srx650 | ||
Juniper vSRX | ||
Juniper JUNOS | =18.2 | |
Juniper JUNOS | =18.2-r1-s5 | |
Juniper JUNOS | =18.4 | |
Juniper JUNOS | =18.4-r1 | |
Juniper JUNOS | =18.4-r1-s2 |
The following software releases have been updated to resolve this specific issue: 15.1X49-D171, 15.1X49-D180, 18.2R3, 18.4R2, 19.1R1, and all subsequent releases.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-0060 is a vulnerability that can cause a Denial of Service (DoS) condition in Juniper SRX Series services gateways.
CVE-2019-0060 has a severity rating of 7.5, which is considered high.
CVE-2019-0060 affects Juniper JUNOS versions 15.1x49, 18.2, and 18.4.
To fix CVE-2019-0060, it is recommended to update to a patched version of Juniper JUNOS.
More information about CVE-2019-0060 can be found in the Juniper Knowledge Base and Juniper documentation.