CVE-2024-21595

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21595
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://advisory.juniper.net/JSA75734 Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Third Party Advisory
https://advisory.juniper.net/JSA75734 Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.1:r1:*:*:*:*:*:*
OR cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5100-96s:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5200-32c:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5200-48y:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5210-64c:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:54

Type Values Removed Values Added
References () https://advisory.juniper.net/JSA75734 - Vendor Advisory () https://advisory.juniper.net/JSA75734 - Vendor Advisory
References () https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N - Third Party Advisory () https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N - Third Party Advisory

18 Jan 2024, 20:37

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de validación inadecuada de la corrección sintáctica de la entrada en el Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante no autenticado basado en la red provoque una denegación de servicio (DoS). Si un atacante envía una alta tasa de tráfico ICMP específico a un dispositivo con VXLAN configurado, esto provoca un bloqueo del PFE y hace que el dispositivo deje de responder. Será necesario reiniciar manualmente para recuperar el dispositivo. Este problema solo afecta a los dispositivos de las series EX4100, EX4400, EX4600 y QFX5000. Este problema afecta a: Juniper Networks Junos OS * versiones 21.4R3 anteriores a 21.4R3-S4; * Versiones 22.1R3 anteriores a 22.1R3-S3; * Versiones 22.2R2 anteriores a 22.2R3-S1; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R2; * Versiones 23.1 anteriores a 23.1R2.
References () https://advisory.juniper.net/JSA75734 - () https://advisory.juniper.net/JSA75734 - Vendor Advisory
References () https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N - () https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N - Third Party Advisory
CPE cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.1:r1:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5200-32c:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5100-96s:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5210-64c:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*
cpe:2.3:h:juniper:qfx5200-48y:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Juniper qfx5200-48y
Juniper ex4400
Juniper qfx5100-96s
Juniper ex4600
Juniper qfx5220
Juniper qfx5700
Juniper qfx5120
Juniper ex4100
Juniper qfx5100
Juniper qfx5200-32c
Juniper qfx5210
Juniper
Juniper qfx5110
Juniper qfx5210-64c
Juniper qfx5130
Juniper qfx5200
Juniper junos

12 Jan 2024, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-12 01:15

Updated : 2024-11-21 08:54

NVD link : CVE-2024-21595

Mitre link : CVE-2024-21595

CVE.ORG link : CVE-2024-21595

JSON object : View

Products Affected

juniper

  • ex4100
  • qfx5700
  • qfx5200-32c
  • qfx5100
  • qfx5210-64c
  • ex4600
  • qfx5200
  • qfx5120
  • qfx5130
  • qfx5210
  • qfx5100-96s
  • qfx5110
  • qfx5220
  • junos
  • qfx5200-48y
  • ex4400
CWE
CWE-1286

Improper Validation of Syntactic Correctness of Input

NVD-CWE-noinfo