CVE-2024-21593

EPSS 0.03%
Published 12.04.2024 15:15:23
Last modified 21.11.2024 08:54:40
Source sirt@juniper.net
Teams watchlist Login
Open Login

An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).

If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.
 
Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.

This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.

This issue affects:
Juniper Networks Junos OS
21.4 versions from 21.4R3 earlier than 21.4R3-S5;
22.2 versions from 22.2R2 earlier than 22.2R3-S2;
22.3 versions from 22.3R1 earlier than 22.3R2-S2;
22.3 versions from 22.3R3 earlier than 22.3R3-S1
22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;
23.2 versions earlier than 23.2R1-S1, 23.2R2.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorJuniper Networks

≫

Product Junos OS

Default Statusunaffected

Version < 21.4R3-S5

Version 21.4R3

Status affected

Version 22.1

Status unaffected

Version < 22.2R3-S2

Version 22.2R2

Status affected

Version < 22.3R2-S2

Version 22.3R1

Status affected

Version < 22.3R3-S1

Version 22.3R3

Status affected

Version < 22.4R2-S2, 22.4R3

Version 22.4R1

Status affected

Version < 23.2R1-S1, 23.2R2

Version 23.2

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.069

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
sirt@juniper.net	7.1	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
sirt@juniper.net	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-703 Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

https://supportportal.juniper.net/JSA75732

https://nvd.nist.gov/vuln/detail/CVE-2024-21593

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21593

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21593

EUVD