An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs. Continued receipt and processing of these specific packets will sustain the DoS condition. This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R1-S2, 24.2R2 An indicator of compromise will indicate the SPC3 SPUs utilization has spiked. For example:     user@device> show services service-sets summary Service sets CPU Interface configured Bytes used Session bytes used Policy bytes used utilization "interface" 1 "bytes" (percent%) "sessions" ("percent"%) "bytes" ("percent"%) 99.97 % OVLD <<<<<< look for high CPU usage

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of  Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).  Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command.   user@host> show usp memory segment sha data objcache jsf  This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:  *  20.4 before 20.4R3-S10,  *  21.2 before 21.2R3-S6,  *  21.3 before 21.3R3-S5,  *  21.4 before 21.4R3-S6,  *  22.1 before 22.1R3-S4,  *  22.2 before 22.2R3-S2,  *  22.3 before 22.3R3-S1,  *  22.4 before 22.4R3,  *  23.2 before 23.2R2.

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS). This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S7,  * from 22.1 before 22.1R3-S2,  * from 22.2 before 22.2R3-S1,  * from 22.3 before 22.3R2-S1, 22.3R3,  * from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3.