PT-2016-4677 · Juniper Networks · Junos

Published: 2016-01-15 · Updated: 2016-12-03 · CVE-2016-1262

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Junos OS versions prior to 12.1X46-D45
Junos OS versions prior to 12.1X47-D30
Junos OS versions prior to 12.3X48-D20
Junos OS versions prior to 15.1X49-D30

Description

The issue allows remote attackers to cause a denial of service, resulting in a flowd crash, via a crafted Real Time Streaming Protocol (RTSP) packet when the RTSP Application Layer Gateway (ALG) is enabled on SRX series devices.

Recommendations

For versions prior to 12.1X46-D45, update to 12.1X46-D45 or later.
For versions prior to 12.1X47-D30, update to 12.1X47-D30 or later.
For versions prior to 12.3X48-D20, update to 12.3X48-D20 or later.
For versions prior to 15.1X49-D30, update to 15.1X49-D30 or later.

As a temporary workaround, consider disabling the RTSP ALG to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2016-1262

Affected Products

Junos