CVE-2024-21595

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://advisory.juniper.net/JSA75734	Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N	Third Party Advisory
https://advisory.juniper.net/JSA75734	Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.1:r3::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r2::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3::::::
	cpe:2.3:o:juniper:junos:22.3:-::::::
	cpe:2.3:o:juniper:junos:22.3:r1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r2::::::
	cpe:2.3:o:juniper:junos:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.4:-::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:23.1:r1::::::

OR	cpe:2.3:h:juniper:ex4100:-:::::::*
	cpe:2.3:h:juniper:ex4400:-:::::::*
	cpe:2.3:h:juniper:ex4600:-:::::::*
	cpe:2.3:h:juniper:qfx5100:-:::::::*
	cpe:2.3:h:juniper:qfx5100-96s:-:::::::*
	cpe:2.3:h:juniper:qfx5110:-:::::::*
	cpe:2.3:h:juniper:qfx5120:-:::::::*
	cpe:2.3:h:juniper:qfx5130:-:::::::*
	cpe:2.3:h:juniper:qfx5200:-:::::::*
	cpe:2.3:h:juniper:qfx5200-32c:-:::::::*
	cpe:2.3:h:juniper:qfx5200-48y:-:::::::*
	cpe:2.3:h:juniper:qfx5210:-:::::::*
	cpe:2.3:h:juniper:qfx5210-64c:-:::::::*
	cpe:2.3:h:juniper:qfx5220:-:::::::*
	cpe:2.3:h:juniper:qfx5700:-:::::::*

History

21 Nov 2024, 08:54

Type	Values Removed	Values Added
References	~~() https://advisory.juniper.net/JSA75734 - Vendor Advisory~~	() https://advisory.juniper.net/JSA75734 - Vendor Advisory
References	~~() https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N - Third Party Advisory~~	() https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N - Third Party Advisory

18 Jan 2024, 20:37

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-12 01:15

Updated : 2024-11-21 08:54

NVD link : CVE-2024-21595

Mitre link : CVE-2024-21595

CVE.ORG link : CVE-2024-21595

JSON object : View

Products Affected

juniper

qfx5120
qfx5130
junos
qfx5220
qfx5200
qfx5200-32c
qfx5210-64c
qfx5200-48y
qfx5110
ex4400
qfx5210
ex4600
qfx5700
ex4100
qfx5100
qfx5100-96s

CWE

CWE-1286

Improper Validation of Syntactic Correctness of Input

NVD-CWE-noinfo

7.5 /10