8.7

CVE-2025-21601

Medienbericht

An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. 

Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition.




This issue affects Junos OS: 



  *  All versions before 21.4R3-S9,
  *  from 22.2 before 22.2R3-S5,
  *  from 22.4 before 22.4R3-S4,
  *  from 23.2 before 23.2R2-S3,
  *  from 23.4 before 23.4R2-S3,
  *  from 24.2 before 24.2R1-S1, 24.2R2.


An indicator of compromise is to review the CPU % of the httpd process in the CLI:
e.g.
  show system processes extensive | match httpd  PID nobody       52    0    20M    191M select   2   0:01   80.00% httpd{httpd} <<<<< the percentage of httpd usage if high may be an indicator

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version <= 21.4
JuniperJunos Version21.4 Updater1
JuniperJunos Version21.4 Updater1-s1
JuniperJunos Version21.4 Updater1-s2
JuniperJunos Version21.4 Updater2
JuniperJunos Version21.4 Updater2-s1
JuniperJunos Version21.4 Updater2-s2
JuniperJunos Version21.4 Updater3
JuniperJunos Version21.4 Updater3-s1
JuniperJunos Version21.4 Updater3-s2
JuniperJunos Version21.4 Updater3-s3
JuniperJunos Version21.4 Updater3-s4
JuniperJunos Version21.4 Updater3-s5
JuniperJunos Version21.4 Updater3-s6
JuniperJunos Version21.4 Updater3-s7
JuniperJunos Version21.4 Updater3-s8
JuniperJunos Version22.2 Update-
JuniperJunos Version22.2 Updater1
JuniperJunos Version22.2 Updater1-s1
JuniperJunos Version22.2 Updater1-s2
JuniperJunos Version22.2 Updater2
JuniperJunos Version22.2 Updater2-s1
JuniperJunos Version22.2 Updater2-s2
JuniperJunos Version22.2 Updater3
JuniperJunos Version22.2 Updater3-s1
JuniperJunos Version22.2 Updater3-s2
JuniperJunos Version22.2 Updater3-s3
JuniperJunos Version22.2 Updater3-s4
JuniperJunos Version22.4 Update-
JuniperJunos Version22.4 Updater1
JuniperJunos Version22.4 Updater1-s1
JuniperJunos Version22.4 Updater1-s2
JuniperJunos Version22.4 Updater2
JuniperJunos Version22.4 Updater2-s1
JuniperJunos Version22.4 Updater2-s2
JuniperJunos Version22.4 Updater3
JuniperJunos Version22.4 Updater3-s1
JuniperJunos Version22.4 Updater3-s2
JuniperJunos Version22.4 Updater3-s3
JuniperJunos Version23.2 Update-
JuniperJunos Version23.2 Updater1
JuniperJunos Version23.2 Updater1-s1
JuniperJunos Version23.2 Updater1-s2
JuniperJunos Version23.2 Updater2
JuniperJunos Version23.2 Updater2-s1
JuniperJunos Version23.2 Updater2-s2
JuniperJunos Version23.4 Update-
JuniperJunos Version23.4 Updater1
JuniperJunos Version23.4 Updater1-s1
JuniperJunos Version23.4 Updater1-s2
JuniperJunos Version23.4 Updater2
JuniperJunos Version23.4 Updater2-s1
JuniperJunos Version23.4 Updater2-s2
JuniperJunos Version24.2 Update-
JuniperJunos Version24.2 Updater1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.322
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Amber
sirt@juniper.net 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-573 Improper Following of Specification by Caller

The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.