Critical Flaw in Juniper Networks Firewalls Leaves Organizations Vulnerable

CVE: CVE-2024-21616
CVSS (v3.1): 7.5
Source: CVE-2024-21616

Juniper Networks, a leading provider of networking equipment, has disclosed a vulnerability in their Junos OS firewall software that could allow remote attackers to cause denial of service (DoS) attacks.

The flaw is due to improper validation of SIP packets by the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) in Junos OS. When a specially crafted SIP packet is received and processed, it causes NAT IP allocation to fail for legitimate traffic. This results in the firewall resources getting exhausted, blocking access for authorized users.

Attackers can exploit this vulnerability from the network without any authentication. Continuous transmission of malicious SIP packets would cause a sustained DoS condition, making critical firewall services and network resources unavailable.

Organizations using affected Juniper MX and SRX series firewall devices running versions earlier than the fixed releases listed in Juniper's security advisory are at risk. Administrators can check for signs of exploitation by monitoring NAT IP usage with the "show security nat resource-usage" command.
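As an added example (not from the article or from Juniper), the Python monitor below turns the check above into a sustained-exhaustion alert: it polls NAT pool usage samples and flags a pool only when utilization stays near 100% across several consecutive samples, which separates the sustained condition described here from a transient peak. The per-pool line format parsed here is a simplified assumption, not the real output of "show security nat resource-usage", and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque

# Assumed, simplified per-pool line format: "<pool> total=<n> used=<n>".
# Real Junos output of "show security nat resource-usage" differs; adapt the regex to it.
LINE_RE = re.compile(r"^(?P<pool>\S+)\s+total=(?P<total>\d+)\s+used=(?P<used>\d+)$")

def parse_sample(text):
    """Parse one polling sample into {pool_name: utilization fraction (0.0-1.0)}."""
    usage = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        total = int(m.group("total"))
        used = int(m.group("used"))
        # A pool with no capacity at all is treated as fully exhausted.
        usage[m.group("pool")] = used / total if total else 1.0
    return usage

class NatExhaustionMonitor:
    """Flags a pool when utilization stays at or above `threshold` for `window` consecutive samples."""
    def __init__(self, threshold=0.95, window=3):
        self.threshold = threshold
        self.window = window
        self.history = defaultdict(lambda: deque(maxlen=window))

    def observe(self, sample_text):
        """Record one sample; return the pools that are in sustained exhaustion after it."""
        alerts = []
        for pool, util in parse_sample(sample_text).items():
            hist = self.history[pool]
            hist.append(util >= self.threshold)
            if len(hist) == self.window and all(hist):
                alerts.append(pool)
        return alerts

# Constructed samples: "sip-nat" climbs to exhaustion and stays there; "web-nat" spikes once.
SAMPLES = [
    "sip-nat total=1024 used=300\nweb-nat total=512 used=100",
    "sip-nat total=1024 used=1000\nweb-nat total=512 used=500",
    "sip-nat total=1024 used=1024\nweb-nat total=512 used=120",
    "sip-nat total=1024 used=1024\nweb-nat total=512 used=110",
]

def run_demo():
    """Feed the constructed samples through the monitor; returns the alerts raised per sample."""
    mon = NatExhaustionMonitor(threshold=0.95, window=3)
    return [mon.observe(s) for s in SAMPLES]

if __name__ == "__main__":
    for i, alerts in enumerate(run_demo()):
        print(f"sample {i}: alerts={alerts}")
```

Only the sustained pool ("sip-nat") is reported, on the fourth sample; the one-off spike on "web-nat" never satisfies the window.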

To protect networks, administrators should immediately apply the latest software updates released by Juniper Networks. Proper firewall configuration and access controls can also prevent remote attackers from abusing such vulnerabilities. Regular monitoring and patching are recommended so that Juniper firewalls, which function as a last line of defense, remain secure.
