Vulnerability-Lookup

BDU:2024-00445

Vulnerability from fstec - Published: 10.01.2024

Title

Уязвимость механизма пересылки пакетов (PFE) операционной системы Juniper Networks Junos, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость механизма пересылки пакетов (PFE) операционной системы Juniper Networks Junos связана с неправильной проверкой синтаксической корректности ввода. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Juniper Networks Inc.

Software Name

JunOS

Software Version

от 22.3 до 22.3R2-S2 (JunOS), от 22.3 до 22.3R3 (JunOS), от 22.4 до 22.4R2 (JunOS), от 21.4R3 до 21.4R3-S4 (JunOS), от 22.1R3 до 22.1R3-S3 (JunOS), от 22.2R2 до 22.2R3-S1 (JunOS), от 23.1 до 23.1R2 (JunOS)

Possible Mitigations

Использование рекомендаций: https://supportportal.juniper.net/JSA75734

Reference

https://vuldb.com/it/?id.250515 https://supportportal.juniper.net/JSA75734 https://www.cybersecurity-help.cz/vdb/SB2024011066

CWE

CWE-1286

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Juniper Networks Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 22.3 \u0434\u043e 22.3R2-S2 (JunOS), \u043e\u0442 22.3 \u0434\u043e 22.3R3 (JunOS), \u043e\u0442 22.4 \u0434\u043e 22.4R2 (JunOS), \u043e\u0442 21.4R3 \u0434\u043e 21.4R3-S4 (JunOS), \u043e\u0442 22.1R3 \u0434\u043e 22.1R3-S3 (JunOS), \u043e\u0442 22.2R2 \u0434\u043e 22.2R3-S1 (JunOS), \u043e\u0442 23.1 \u0434\u043e 23.1R2 (JunOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://supportportal.juniper.net/JSA75734",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.01.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.01.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.01.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-00445",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-21595",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "JunOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Juniper Networks Inc. JunOS \u043e\u0442 22.3 \u0434\u043e 22.3R2-S2 QFX5000 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.3 \u0434\u043e 22.3R3 QFX5000 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.3 \u0434\u043e 22.3R2-S2 EX4600 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.3 \u0434\u043e 22.3R3 EX4600 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.4 \u0434\u043e 22.4R2 EX4600 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.4 \u0434\u043e 22.4R2 QFX5000 Series, Juniper Networks Inc. JunOS \u043e\u0442 21.4R3 \u0434\u043e 21.4R3-S4 EX4100 Series, Juniper Networks Inc. JunOS \u043e\u0442 21.4R3 \u0434\u043e 21.4R3-S4 EX4600 Series, Juniper Networks Inc. JunOS \u043e\u0442 21.4R3 \u0434\u043e 21.4R3-S4 EX4400 Series, Juniper Networks Inc. JunOS \u043e\u0442 21.4R3 \u0434\u043e 21.4R3-S4 QFX5000 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.1R3 \u0434\u043e 22.1R3-S3 EX4100 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.1R3 \u0434\u043e 22.1R3-S3 EX4400 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.1R3 \u0434\u043e 22.1R3-S3 EX4600 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.1R3 \u0434\u043e 22.1R3-S3 QFX5000 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.2R2 \u0434\u043e 22.2R3-S1 EX4100 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.2R2 \u0434\u043e 22.2R3-S1 EX4400 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.2R2 \u0434\u043e 22.2R3-S1 EX4600 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.2R2 \u0434\u043e 22.2R3-S1 QFX5000 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.3 \u0434\u043e 22.3R2-S2 EX4100 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.3 \u0434\u043e 22.3R2-S2 EX4400 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.3 \u0434\u043e 22.3R3 EX4100 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.3 \u0434\u043e 22.3R3 EX4400 Series, Juniper Networks Inc. JunOS \u043e\u0442 23.1 \u0434\u043e 23.1R2 EX4100 Series, Juniper Networks Inc. JunOS \u043e\u0442 23.1 \u0434\u043e 23.1R2 EX4400 Series, Juniper Networks Inc. JunOS \u043e\u0442 23.1 \u0434\u043e 23.1R2 EX4600 Series, Juniper Networks Inc. JunOS \u043e\u0442 23.1 \u0434\u043e 23.1R2 QFX5000 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.4 \u0434\u043e 22.4R2 EX4100 Series, Juniper Networks Inc. JunOS \u043e\u0442 22.4 \u0434\u043e 22.4R2 EX4400 Series",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 (PFE) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Juniper Networks Junos, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0441\u0442\u0438 \u0432\u0432\u043e\u0434\u0430 (CWE-1286)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 (PFE) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Juniper Networks Junos \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0441\u0442\u0438 \u0432\u0432\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://vuldb.com/it/?id.250515\nhttps://supportportal.juniper.net/JSA75734\nhttps://www.cybersecurity-help.cz/vdb/SB2024011066",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-1286",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2024-21595 (GCVE-0-2024-21595)

Vulnerability from cvelistv5 – Published: 2024-01-12 00:52 – Updated: 2024-09-03 18:13

Title

Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang

Summary

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1286 - Improper Validation of Syntactic Correctness of Input
Denial of Service (DoS)

Assigner

juniper

References

URL

Tags

	https://advisory.juniper.net/JSA75734	vendor-advisory
	https://www.first.org/cvss/calculator/4.0#CVSS:4.…	technical-description

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Affected: 21.4R3 , < 21.4R3-S4 (semver) Affected: 22.1R3 , < 22.1R3-S3 (semver) Affected: 22.2R2 , < 22.2R3-S1 (semver) Affected: 22.3 , < 22.3R2-S2, 22.3R3 (semver) Affected: 22.4 , < 22.4R2 (semver) Affected: 23.1 , < 23.1R2 (semver)

Date Public ?

2024-01-10 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:34.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://advisory.juniper.net/JSA75734"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "junos",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.4R3-S4",
                "status": "affected",
                "version": "21.4R3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.1R3-S3",
                "status": "affected",
                "version": "22.1R3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2R3-S1",
                "status": "affected",
                "version": "22.2R2",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3R2-S2",
                "status": "affected",
                "version": "22.3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3R3",
                "status": "affected",
                "version": "22.3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4R2",
                "status": "affected",
                "version": "22.4",
                "versionType": "semver"
              },
              {
                "lessThan": "23.1R2",
                "status": "affected",
                "version": "23.1",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21595",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-25T18:46:03.901666Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T18:13:05.922Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "EX4100",
            "EX4400",
            "EX4600",
            "QFX5000 Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S4",
              "status": "affected",
              "version": "21.4R3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S3",
              "status": "affected",
              "version": "22.1R3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S1",
              "status": "affected",
              "version": "22.2R2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R2-S2, 22.3R3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.1R2",
              "status": "affected",
              "version": "23.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTo be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\u003c/p\u003e\u003ccode\u003e  [ vlans \u0026lt;vlan\u0026gt; vxlan ]\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e  [ routing-instances \u0026lt;routing-instance\u0026gt; vxlan ]\u003c/code\u003e\u003cbr/\u003e"
            }
          ],
          "value": "To be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\n\n  [ vlans \u003cvlan\u003e vxlan ]\n  [ routing-instances \u003crouting-instance\u003e vxlan ]\n"
        }
      ],
      "datePublic": "2024-01-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIf an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.\u003c/p\u003e\u003cp\u003eThis issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.4R3 versions earlier than 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1R3 versions earlier than 22.1R3-S3;\u003c/li\u003e\u003cli\u003e22.2R2 versions earlier than 22.2R3-S1;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R2-S2, 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2;\u003c/li\u003e\u003cli\u003e23.1 versions earlier than 23.1R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.\n\nThis issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n  *  21.4R3 versions earlier than 21.4R3-S4;\n  *  22.1R3 versions earlier than 22.1R3-S3;\n  *  22.2R2 versions earlier than 22.2R3-S1;\n  *  22.3 versions earlier than 22.3R2-S2, 22.3R3;\n  *  22.4 versions earlier than 22.4R2;\n  *  23.1 versions earlier than 23.1R2.\n\n\n\n\n\n\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T00:52:35.433Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://advisory.juniper.net/JSA75734"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.1R2, 23.2R1, and all subsequent releases.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.1R2, 23.2R1, and all subsequent releases.\n\n"
        }
      ],
      "source": {
        "advisory": "JSA75734",
        "defect": [
          "1719542"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-10T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue.\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-21595",
    "datePublished": "2024-01-12T00:52:35.433Z",
    "dateReserved": "2023-12-27T19:38:25.704Z",
    "dateUpdated": "2024-09-03T18:13:05.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-00445

CVE-2024-21595 (GCVE-0-2024-21595)

Tags

Sightings

Nomenclature