CVE-2019-0060

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 15.1X49-D171 Junos OS versions 15.1X49-D180 on SRX Series Junos OS versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series Junos OS versions prior to 18.4R2 on SRX Series

Description The issue is related to errors in processing IP packets through an IPsec tunnel, which may cause the flowd process to crash and restart, resulting in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not affected.

Recommendations For versions prior to 15.1X49-D171, update to 15.1X49-D171 or later. For version 15.1X49-D180 on SRX Series, update to a version that includes the fix. For versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series, update to 18.2R3 or later. For versions prior to 18.4R2 on SRX Series, update to 18.4R2 or later. As a temporary workaround, consider disabling IPsec tunnels until a patch is available.