CVE-2017-10610
HIGHJuniper Junos OS DoS via Crafted ICMP Packet in NAT64 Tunnel
Title source: llmDescription
On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitutes an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D71, 12.3X48 prior to 12.3X48-D55, 15.1X49 prior to 15.1X49-D100 on SRX Series. No other Juniper Networks products or platforms are affected by this issue.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10813
Vendor Advisory x_refsource_misc
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/nat-stateful-nat64-configuring.html
Scores
CVSS v3
7.5
EPSS
0.0037
EPSS Percentile
58.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (6)
juniper/junos
12.1x46 (11 CPE variants)
juniper/junos
12.3x48 d10 (9 CPE variants)
juniper/junos
15.1x49 d10 (14 CPE variants)
Juniper Networks/Junos OS
12.1X46 prior to 12.1X46-D71
Juniper Networks/Junos OS
12.3X48 prior to 12.3X48-D55
Juniper Networks/Junos OS
15.1X49 prior to 15.1X49-D100
Published
Oct 13, 2017
Tracked Since
Feb 18, 2026