Lucene search

JuniperCVELIST:CVE-2024-21595

HistoryJan 12, 2024 - 12:52 a.m.

CVE-2024-21595 Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang

2024-01-1200:52:35

CWE-1286

juniper

www.cve.org

denial of service

network-based attack

improper validation

pfe hang

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

20.5%

JSON

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).

If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.

This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.

This issue affects:

Juniper Networks Junos OS

21.4R3 versions earlier than 21.4R3-S4;
22.1R3 versions earlier than 22.1R3-S3;
22.2R2 versions earlier than 22.2R3-S1;
22.3 versions earlier than 22.3R2-S2, 22.3R3;
22.4 versions earlier than 22.4R2;
23.1 versions earlier than 23.1R2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "EX4100",
      "EX4400",
      "EX4600",
      "QFX5000 Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.4R3-S4",
        "status": "affected",
        "version": "21.4R3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S3",
        "status": "affected",
        "version": "22.1R3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S1",
        "status": "affected",
        "version": "22.2R2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2, 22.3R3",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.1R2",
        "status": "affected",
        "version": "23.1",
        "versionType": "semver"
      }
    ]
  }
]

References

advisory.juniper.net/JSA75734

www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for CVELIST:CVE-2024-21595