{"vuid":"VU#480428","idnumber":"480428","name":"Juniper ScreenOS is vulnerable to a denial of service from malformed SSL packets","keywords":["juniper","screenos","dos","denial","service","malformed","ssl"],"overview":"Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets.","clean_desc":"Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets. Additional details may be found in Juniper security advisory JSA10624.","impact":"A remote unauthenticated attacker may be able to produce an extended denial of service against a ScreenOS firewall by repeatedly sending malformed SSL/TLS packets to the device.","resolution":"Apply an Update Juniper security advisory JSA10624 recommends the following solution. Juniper Networks has released patches to resolve this issue (see the links below): Note: The fix will also be a part of ScreenOS 6.3.0r17 that is currently under developement. NS-5200/5400 M3: https://download.juniper.net/software/firewall/ns5000.6.3.0-M3A.r16a-dfj1.0\nNS-5200/5400 M2: https://download.juniper.net/software/firewall/ns5000.6.3.0-M2A.r16a-dfj1.0\nISG-2000 with IDP: https://download.juniper.net/software/firewall/nsISG2000.6.3.0-IDP1.r16a-dfj1.0\nISG-2000: https://download.juniper.net/software/firewall/nsISG2000.6.3.0r16a-dfj1.0\nISG-1000 with IDP: https://download.juniper.net/software/firewall/nsISG1000.6.3.0-IDP1.r16a-dfj1.0\nISG-1000: https://download.juniper.net/software/firewall/nsISG1000.6.3.0r16a-dfj1.0\nSSG-520/SSG-550: https://download.juniper.net/software/firewall/ssg500.6.3.0r16a-dfj1.0\nSSG-320/SSG-350: https://download.juniper.net/software/firewall/ssg320ssg350.6.3.0r16a-dfj1.0\nSSG-140: https://download.juniper.net/software/firewall/ssg140.6.3.0r16a-dfj1.0\nSSG-5/20: https://download.juniper.net/software/firewall/ssg5ssg20.6.3.0r16a-dfj1.0 KB16765 - \"In which releases are vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies. If you are unable to patch, please consider the following workaround.","workarounds":"Juniper security advisory JSA10624 recommends the following workaround. Due to the likelihood of the specific packet occurring during normal activity, Juniper recommends disabling WebUI (SSL) and WebAuth (SSL) until a software fix is available. This includes disabling WebUI (SSL) and WebAuth (SSL) even on internal and protected networks. This issue is completely mitigated when WebUI (SSL) and WebAuth (SSL) is disabled. Disabling SSL WebUI (HTTPS) is part of our best practices, as mentioned in KB29016.","sysaffected":"","thanks":"Thanks to David Klein of \nDHK Enterprises\n for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["h","t","t","p",":","/","/","k","b",".","j","u","n","i","p","e","r",".","n","e","t","/","I","n","f","o","C","e","n","t","e","r","/","i","n","d","e","x","?","p","a","g","e","=","c","o","n","t","e","n","t","&","i","d","=","J","S","A","1","0","6","2","4"],"cveids":["CVE-2014-2842"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-04-15T15:13:23Z","publicdate":"2014-04-16T00:00:00Z","datefirstpublished":"2014-05-16T14:40:40Z","dateupdated":"2014-05-16T15:05:51Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"N","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"M","cvss_securityrequirementscr":"L","cvss_securityrequirementsir":"L","cvss_securityrequirementsar":"H","cvss_basescore":"7.8","cvss_basevector":"AV:N/AC:L/Au:N/C:N/I:N/A:C","cvss_temporalscore":"6.8","cvss_environmentalscore":"6.81498546336","cvss_environmentalvector":"CDP:LM/TD:M/CR:L/IR:L/AR:H","metric":0.0,"vulnote":null}