CVE-2024-21612

EPSS 0.19%
Veröffentlicht 12.01.2024 01:15:49
Zuletzt bearbeitet 21.11.2024 08:54:43
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE





An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.





This issue affects:

Juniper Networks Junos OS Evolved



  *  All versions earlier than 21.2R3-S7-EVO;
  *  21.3 versions earlier than 21.3R3-S5-EVO ;
  *  21.4 versions earlier than 21.4R3-S5-EVO;
  *  22.1 versions earlier than 22.1R3-S4-EVO;
  *  22.2 versions earlier than 22.2R3-S3-EVO ;
  *  22.3 versions earlier than 22.3R3-EVO;
  *  22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 68 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Os Evolved Version < 21.2

Juniper ≫ Junos Os Evolved Version21.2 Update-

Juniper ≫ Junos Os Evolved Version21.2 Updater1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater2

Juniper ≫ Junos Os Evolved Version21.2 Updater2-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater2-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater3

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s3

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s4

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s5

Juniper ≫ Junos Os Evolved Version21.2 Updater3-s6

Juniper ≫ Junos Os Evolved Version21.3 Update-

Juniper ≫ Junos Os Evolved Version21.3 Updater1

Juniper ≫ Junos Os Evolved Version21.3 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.3 Updater2

Juniper ≫ Junos Os Evolved Version21.3 Updater2-s1

Juniper ≫ Junos Os Evolved Version21.3 Updater2-s2

Juniper ≫ Junos Os Evolved Version21.3 Updater3

Juniper ≫ Junos Os Evolved Version21.3 Updater3-s1

Juniper ≫ Junos Os Evolved Version21.3 Updater3-s2

Juniper ≫ Junos Os Evolved Version21.3 Updater3-s3

Juniper ≫ Junos Os Evolved Version21.3 Updater3-s4

Juniper ≫ Junos Os Evolved Version21.4 Update-

Juniper ≫ Junos Os Evolved Version21.4 Updater1

Juniper ≫ Junos Os Evolved Version21.4 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.4 Updater1-s2

Juniper ≫ Junos Os Evolved Version21.4 Updater2

Juniper ≫ Junos Os Evolved Version21.4 Updater2-s1

Juniper ≫ Junos Os Evolved Version21.4 Updater2-s2

Juniper ≫ Junos Os Evolved Version21.4 Updater3

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s1

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s2

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s3

Juniper ≫ Junos Os Evolved Version21.4 Updater3-s4

Juniper ≫ Junos Os Evolved Version22.1 Update-

Juniper ≫ Junos Os Evolved Version22.1 Updater1

Juniper ≫ Junos Os Evolved Version22.1 Updater1-s1

Juniper ≫ Junos Os Evolved Version22.1 Updater1-s2

Juniper ≫ Junos Os Evolved Version22.1 Updater2

Juniper ≫ Junos Os Evolved Version22.1 Updater2-s1

Juniper ≫ Junos Os Evolved Version22.1 Updater3

Juniper ≫ Junos Os Evolved Version22.1 Updater3-s1

Juniper ≫ Junos Os Evolved Version22.1 Updater3-s2

Juniper ≫ Junos Os Evolved Version22.1 Updater3-s3

Juniper ≫ Junos Os Evolved Version22.2 Update-

Juniper ≫ Junos Os Evolved Version22.2 Updater1

Juniper ≫ Junos Os Evolved Version22.2 Updater1-s1

Juniper ≫ Junos Os Evolved Version22.2 Updater2

Juniper ≫ Junos Os Evolved Version22.2 Updater2-s1

Juniper ≫ Junos Os Evolved Version22.2 Updater2-s2

Juniper ≫ Junos Os Evolved Version22.2 Updater3

Juniper ≫ Junos Os Evolved Version22.2 Updater3-s1

Juniper ≫ Junos Os Evolved Version22.2 Updater3-s2

Juniper ≫ Junos Os Evolved Version22.3 Update-

Juniper ≫ Junos Os Evolved Version22.3 Updater1

Juniper ≫ Junos Os Evolved Version22.3 Updater1-s1

Juniper ≫ Junos Os Evolved Version22.3 Updater1-s2

Juniper ≫ Junos Os Evolved Version22.3 Updater2

Juniper ≫ Junos Os Evolved Version22.3 Updater2-s1

Juniper ≫ Junos Os Evolved Version22.3 Updater2-s2

Juniper ≫ Junos Os Evolved Version22.4 Update-

Juniper ≫ Junos Os Evolved Version22.4 Updater1

Juniper ≫ Junos Os Evolved Version22.4 Updater1-s1

Juniper ≫ Junos Os Evolved Version22.4 Updater1-s2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.407

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-228 Improper Handling of Syntactically Invalid Structure

The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Third Party Advisory

https://supportportal.juniper.net/JSA75753

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-21612

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21612

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21612

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-21612