Lucene search

[email protected]CVE-2024-21605

HistoryApr 12, 2024 - 3:15 p.m.

CVE-2024-21605

2024-04-1215:15:23

CWE-668

[email protected]

web.nvd.nist.gov

juniper networks

junos os

vulnerability

denial of service

packet forwarding engine

srx 300 series

resource consumption

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:L

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).

Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device.

This issue affects Juniper Networks Junos OS:

21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6;
22.1 version 22.1R3 and later versions earlier than 22.1R3-S4;
22.2 version

22.2R2

and later versions earlier than 22.2R3-S2;

22.3 version

22.3R2

and later versions earlier than 22.3R3-S1;

22.4 versions earlier than 22.4R2-S2, 22.4R3;
23.2 versions earlier than 23.2R1-S1, 23.2R2.

This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "SRX 300 Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.2R3-S6",
        "status": "affected",
        "version": "21.2R3-S3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S4",
        "status": "affected",
        "version": "22.1R3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S2",
        "status": "affected",
        "version": "22.2R2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S1",
        "status": "affected",
        "version": "22.3R2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S2, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1-S1, 23.2R2",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4*",
        "status": "unaffected",
        "version": "21.4",
        "versionType": "semver"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA75746

www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:L

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for CVE-2024-21605

cvelist1 nessus1 nvd1