2013-08 Security Bulletin: Network and Security Manager: DoS due to repeated SSL session renegotiations (CVE-2011-1473)

Article ID: JSA10584
Category: Security Advisories
Last Updated: 21 Aug 2013
Version: 2.0
Product Affected:
NSM3000 and NSMExpress with NSM releases 2010.3, 2011.4, 2012.1, 2012.2 and NSM software releases 2010.3, 2011.4, 2012.1, 2012.2.
Problem:
A vulnerability has been reported against virtually all versions of OpenSSL: client-initiated renegotiation is not properly restricted within the SSL and TLS protocols. This might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, because each renegotiation makes the server repeat the costly handshake computation. Some network services in Network and Security Manager (NSM) that use SSL/TLS were found to be vulnerable to this issue.

This issue has been assigned CVE-2011-1473.
Solution:
Network services in NSM utilizing SSL/TLS have been fixed to resolve this vulnerability.
NSM Releases containing the fix specifically include:
  • 2010.3s13
  • 2011.4s10
  • 2012.1R7
  • 2012.2R3
All subsequent releases will also contain the fix.

This issue is being tracked as PR 745721 and is visible on the Customer Support website. A Customer Support login is required.
Workaround:
Use access lists or firewall filters to limit access to NSM from only trusted networks.
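As an added illustration of the workaround (this is not configuration from the advisory or from Juniper), a Junos firewall filter that admits TCP connections to the NSM appliance only from trusted management prefixes and counts, logs and discards everything else. The trusted prefixes and the NSM address are assumed sample values, and NSM-SERVICE-PORTS is a placeholder for the TCP ports NSM listens on, which the advisory does not list.

```junos
policy-options {
    prefix-list trusted-nsm-clients {
        /* assumed trusted management networks; replace with your own */
        192.0.2.0/24;
        198.51.100.0/24;
    }
}
firewall {
    family inet {
        filter protect-nsm {
            /* 203.0.113.10 is an assumed NSM appliance address;
               NSM-SERVICE-PORTS is a placeholder for its TCP ports */
            term allow-trusted {
                from {
                    source-prefix-list {
                        trusted-nsm-clients;
                    }
                    destination-address {
                        203.0.113.10/32;
                    }
                    protocol tcp;
                    destination-port [ NSM-SERVICE-PORTS ];
                }
                then accept;
            }
            term deny-untrusted {
                from {
                    destination-address {
                        203.0.113.10/32;
                    }
                    protocol tcp;
                    destination-port [ NSM-SERVICE-PORTS ];
                }
                then {
                    count untrusted-nsm-attempts;
                    syslog;
                    discard;
                }
            }
            term allow-other {
                then accept;
            }
        }
    }
}
```

Apply the filter as an input filter on the interface of the router or SRX that faces the untrusted side of the NSM appliance, and watch the untrusted-nsm-attempts counter and the syslog entries for connection attempts from outside the trusted prefixes.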
Implementation:
 
CVSS Score:
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Severity Level:
Medium
Severity Assessment:
A network-based attacker (AV:N) can easily (AC:L) cause a partial DoS condition (A:P).
Acknowledgements:
 