CVE-2019-0060
HIGHJuniper Junos - Denial of Service via IPSec Tunnel Traffic Processing
Title source: llmDescription
The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://kb.juniper.net/JSA10959
Vendor Advisory x_refsource_misc
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ipsec-tunnel-traffic-configuration.html
Scores
CVSS v3
7.5
EPSS
0.0041
EPSS Percentile
61.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-755
Status
published
Products (3)
juniper/junos
15.1x49 (23 CPE variants)
juniper/junos
18.2 (2 CPE variants)
juniper/junos
18.4 (3 CPE variants)
Published
Oct 09, 2019
Tracked Since
Feb 18, 2026