Vigil@nce - Junos: denial of service via XNM
January 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the XNM command of Junos, to consume a large
amount of memory, in order to trigger a denial of service.
Impacted products: Juniper J-Series, JUNOS
Severity: 2/4
Creation date: 08/01/2014
DESCRIPTION OF THE VULNERABILITY
An application can use the Junos XML protocol to connect to the
service:
– xnm-clear-text : port 3221
– xnm-ssl : port 3220
An attacker can use the XNM command of Junos, to consume a large
amount of memory, in order to trigger a denial of service.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Junos-denial-of-service-via-XNM-14038