Multiple vulnerabilities have been discovered in Juniper Junos OS, the most severe of which could allow for denial-of-service conditions. Juniper Junos OS is the common operating system that runs on Juniper Networks’ routing, switching, and security products. Successful exploitation of the most severe of these vulnerabilities could allow for denial of service conditions, but requires Resource Reservation Protocol (RSVP) to be enabled on the targeted interface. RSVP is often used by routers to deliver quality-of-service (QoS) requests to all nodes along the path(s) of the flows and to establish and maintain state to provide the requested service. If the targeted interface receives specially crafted or malformed RSVP PATH messages, the routing protocol daemon (RPD) may hang or crash. When RPD is unavailable, routing updates cannot be processed, which can lead to an extended network outage.

Read more: Center for Internet Security