Evaluated Products

MX-SE, MX-SE II, MX-E and MX-Virtual systems running firmware version 16.0.4 and later

Impacted Products

None

Affected Releases

Not applicable

Impacted 3rd Party Products

Not applicable

Introduction

On March 19, 2024 details of potential vulnerabilities impacting implementations of the UDP application protocol were published in the National Vulnerability Database under CVE-2024-2169.

Description

Zultys evaluated whether the MX-SE, MX-SE II, MX-E and MX-Virtual products running firmware version 16.0.4 or later are impacted by this vulnerability.

Zultys determined that these products are not impacted by the vulnerabilities detailed in CVE-2024-2169.

In addition, the evaluated firmware versions have the Unicast Reverse Path Forwarding (uRPF) network security feature enabled to prevent UDP based IP spoofing attacks.

TFTP and NTP services that utilize UDP are common targets for Denial of Service (DoS) attacks and thus it is best practice to limit access to these services through appropriate configuration of the Service Protection feature of the MX or an external firewall.

Contact

If additional information is required contact support@zultys.com or your Authorized Zultys Channel Partner.