CVE-2024-21595

EPSS 0.11%
Veröffentlicht 12.01.2024 01:15:47
Zuletzt bearbeitet 21.11.2024 08:54:40
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).

If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.

This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.

This issue affects:

Juniper Networks Junos OS



  *  21.4R3 versions earlier than 21.4R3-S4;
  *  22.1R3 versions earlier than 22.1R3-S3;
  *  22.2R2 versions earlier than 22.2R3-S1;
  *  22.3 versions earlier than 22.3R2-S2, 22.3R3;
  *  22.4 versions earlier than 22.4R2;
  *  23.1 versions earlier than 23.1R2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 22 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Version21.4 Updater3

   Juniper ≫ Ex4100 Version-
   Juniper ≫ Ex4400 Version-
   Juniper ≫ Ex4600 Version-
   Juniper ≫ Qfx5100 Version-
   Juniper ≫ Qfx5100-96s Version-
   Juniper ≫ Qfx5110 Version-
   Juniper ≫ Qfx5120 Version-
   Juniper ≫ Qfx5130 Version-
   Juniper ≫ Qfx5200 Version-
   Juniper ≫ Qfx5200-32c Version-
   Juniper ≫ Qfx5200-48y Version-
   Juniper ≫ Qfx5210 Version-
   Juniper ≫ Qfx5210-64c Version-
   Juniper ≫ Qfx5220 Version-
   Juniper ≫ Qfx5700 Version-

Juniper ≫ Junos Version21.4 Updater3-s1

Juniper ≫ Junos Version21.4 Updater3-s2

Juniper ≫ Junos Version21.4 Updater3-s3

Juniper ≫ Junos Version22.1 Updater3

Juniper ≫ Junos Version22.1 Updater3-s1

Juniper ≫ Junos Version22.1 Updater3-s2

Juniper ≫ Junos Version22.2 Updater2

Juniper ≫ Junos Version22.2 Updater2-s1

Juniper ≫ Junos Version22.2 Updater2-s2

Juniper ≫ Junos Version22.2 Updater3

Juniper ≫ Junos Version22.3 Update-

Juniper ≫ Junos Version22.3 Updater1

Juniper ≫ Junos Version22.3 Updater1-s1

Juniper ≫ Junos Version22.3 Updater1-s2

Juniper ≫ Junos Version22.3 Updater2

Juniper ≫ Junos Version22.3 Updater2-s1

Juniper ≫ Junos Version22.4 Update-

Juniper ≫ Junos Version22.4 Updater1

Juniper ≫ Junos Version22.4 Updater1-s1

Juniper ≫ Junos Version22.4 Updater1-s2

Juniper ≫ Junos Version23.1 Updater1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.304

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

https://advisory.juniper.net/JSA75734

Vendor Advisory

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-21595

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21595

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21595

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-21595