CVE-2024-21593 (GCVE-0-2024-21593)

Vulnerability from cvelistv5 – Published: 2024-04-12 14:54 – Updated: 2024-08-01 22:27
VLAI?
Summary
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304. This issue affects: Juniper Networks Junos OS 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2.
Severity ?
6.5 (Medium)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High)
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 21.4R3 , < 21.4R3-S5 (semver)
Unaffected: 22.1
Affected: 22.2R2 , < 22.2R3-S2 (semver)
Affected: 22.3R1 , < 22.3R2-S2 (semver)
Affected: 22.3R3 , < 22.3R3-S1 (semver)
Affected: 22.4R1 , < 22.4R2-S2, 22.4R3 (semver)
Affected: 23.2 , < 23.2R1-S1, 23.2R2 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T20:06:24.283051Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:43.008Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA75732"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MX Series with MPC10",
            "MPC11",
            "LC9600",
            "MX304"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S5",
              "status": "affected",
              "version": "21.4R3",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "22.1"
            },
            {
              "lessThan": "22.2R3-S2",
              "status": "affected",
              "version": "22.2R2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R2-S2",
              "status": "affected",
              "version": "22.3R1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S1",
              "status": "affected",
              "version": "22.3R3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2-S2, 22.4R3",
              "status": "affected",
              "version": "22.4R1",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R1-S1, 23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be affected by this issue, the following configuration is required on the device:\u003cbr\u003e\u0026nbsp;   [ encapsulation ethernet-ccc ]\u003cbr\u003e"
            }
          ],
          "value": "To be affected by this issue, the following configuration is required on the device:\n\u00a0   [ encapsulation ethernet-ccc ]"
        }
      ],
      "datePublic": "2024-04-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\u003cbr\u003e \u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003eJuniper Networks Junos OS\u003cbr\u003e21.4 versions from 21.4R3 earlier than 21.4R3-S5;\u003cbr\u003e22.2 versions from 22.2R2 earlier than 22.2R3-S2;\u003cbr\u003e22.3 versions from 22.3R1 earlier than 22.3R2-S2;\u003cbr\u003e22.3 versions from 22.3R3 earlier than\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.3R3-S1\u003c/span\u003e\u003cbr\u003e22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\u003cbr\u003e23.2 versions earlier than 23.2R1-S1, 23.2R2.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\n \nCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\n\nThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.4 versions from 21.4R3 earlier than 21.4R3-S5;\n22.2 versions from 22.2R2 earlier than 22.2R3-S2;\n22.3 versions from 22.3R1 earlier than 22.3R2-S2;\n22.3 versions from 22.3R3 earlier than\u00a022.3R3-S1\n22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\n23.2 versions earlier than 23.2R1-S1, 23.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T20:06:30.729Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA75732"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 21.4R3-S5, 22.2R3-S2, 22.2R3-S3, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.4R3-S5, 22.2R3-S2, 22.2R3-S3, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA75732",
        "defect": [
          "1720275"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-10T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: MX Series with MPC10, MPC11, LC9600, and MX304: A specific MPLS packet will cause a PFE crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-21593",
    "datePublished": "2024-04-12T14:54:08.039Z",
    "dateReserved": "2023-12-27T19:38:25.704Z",
    "dateUpdated": "2024-08-01T22:27:35.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\\n\\nIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\\n \\nCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\\n\\nThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\\n\\nThis issue affects:\\nJuniper Networks Junos OS\\n21.4 versions from 21.4R3 earlier than 21.4R3-S5;\\n22.2 versions from 22.2R2 earlier than 22.2R3-S2;\\n22.3 versions from 22.3R1 earlier than 22.3R2-S2;\\n22.3 versions from 22.3R3 earlier than\\u00a022.3R3-S1\\n22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\\n23.2 versions earlier than 23.2R1-S1, 23.2R2.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de verificaci\\u00f3n o manejo inadecuado de condiciones excepcionales en el motor de reenv\\u00edo de paquetes (PFE) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\\u00f3n de servicio (DoS). Si un atacante env\\u00eda un paquete MPLS espec\\u00edfico, que al procesarse, provoca un bucle interno, lo que provoca un bloqueo y reinicio del PFE. La recepci\\u00f3n continua de estos paquetes conduce a una condici\\u00f3n sostenida de Denegaci\\u00f3n de Servicio (DoS). La conexi\\u00f3n cruzada de circuito (CCC) debe configurarse en el dispositivo para que se vea afectado por este problema. Este problema solo afecta a la serie MX con MPC10, MPC11, LC9600 y MX304. Este problema afecta a: Juniper Networks Junos OS 21.4 versiones desde 21.4R3 anteriores a 21.4R3-S5; Versiones 22.2 de 22.2R2 anteriores a 22.2R3-S2; Versiones 22.3 de 22.3R1 anteriores a 22.3R2-S2; Versiones 22.3 de 22.3R3 anteriores a 22.3R3-S1. Versiones 22.4 de 22.4R1 anteriores a 22.4R2-S2, 22.4R3; Versiones 23.2 anteriores a 23.2R1-S1, 23.2R2.\"}]",
      "id": "CVE-2024-21593",
      "lastModified": "2024-11-21T08:54:40.607",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"LOW\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2024-04-12T15:15:23.187",
      "references": "[{\"url\": \"https://supportportal.juniper.net/JSA75732\", \"source\": \"sirt@juniper.net\"}, {\"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"source\": \"sirt@juniper.net\"}, {\"url\": \"https://supportportal.juniper.net/JSA75732\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "sirt@juniper.net",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-703\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-21593\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-04-12T15:15:23.187\",\"lastModified\":\"2024-11-21T08:54:40.607\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\\n\\nIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\\n \\nCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\\n\\nThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\\n\\nThis issue affects:\\nJuniper Networks Junos OS\\n21.4 versions from 21.4R3 earlier than 21.4R3-S5;\\n22.2 versions from 22.2R2 earlier than 22.2R3-S2;\\n22.3 versions from 22.3R1 earlier than 22.3R2-S2;\\n22.3 versions from 22.3R3 earlier than\u00a022.3R3-S1\\n22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\\n23.2 versions earlier than 23.2R1-S1, 23.2R2.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de verificaci\u00f3n o manejo inadecuado de condiciones excepcionales en el motor de reenv\u00edo de paquetes (PFE) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Si un atacante env\u00eda un paquete MPLS espec\u00edfico, que al procesarse, provoca un bucle interno, lo que provoca un bloqueo y reinicio del PFE. La recepci\u00f3n continua de estos paquetes conduce a una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). La conexi\u00f3n cruzada de circuito (CCC) debe configurarse en el dispositivo para que se vea afectado por este problema. Este problema solo afecta a la serie MX con MPC10, MPC11, LC9600 y MX304. Este problema afecta a: Juniper Networks Junos OS 21.4 versiones desde 21.4R3 anteriores a 21.4R3-S5; Versiones 22.2 de 22.2R2 anteriores a 22.2R3-S2; Versiones 22.3 de 22.3R1 anteriores a 22.3R2-S2; Versiones 22.3 de 22.3R3 anteriores a 22.3R3-S1. Versiones 22.4 de 22.4R1 anteriores a 22.4R2-S2, 22.4R3; Versiones 23.2 anteriores a 23.2R1-S1, 23.2R2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-703\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA75732\",\"source\":\"sirt@juniper.net\"},{\"url\":\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\",\"source\":\"sirt@juniper.net\"},{\"url\":\"https://supportportal.juniper.net/JSA75732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA75732\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"tags\": [\"technical-description\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:27:35.554Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21593\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-12T20:06:24.283051Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:43.634Z\"}}], \"cna\": {\"title\": \"Junos OS: MX Series with MPC10, MPC11, LC9600, and MX304: A specific MPLS packet will cause a PFE crash\", \"source\": {\"defect\": [\"1720275\"], \"advisory\": \"JSA75732\", \"discovery\": \"USER\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"21.4R3\", \"lessThan\": \"21.4R3-S5\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"22.1\"}, {\"status\": \"affected\", \"version\": \"22.2R2\", \"lessThan\": \"22.2R3-S2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.3R1\", \"lessThan\": \"22.3R2-S2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.3R3\", \"lessThan\": \"22.3R3-S1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4R1\", \"lessThan\": \"22.4R2-S2, 22.4R3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R1-S1, 23.2R2\", \"versionType\": \"semver\"}], \"platforms\": [\"MX Series with MPC10\", \"MPC11\", \"LC9600\", \"MX304\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-04-10T17:00:00.000Z\", \"value\": \"Initial Publication\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: \\n\\nJunos OS: 21.4R3-S5, 22.2R3-S2, 22.2R3-S3, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 21.4R3-S5, 22.2R3-S2, 22.2R3-S3, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-04-10T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA75732\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"tags\": [\"technical-description\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-av217\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\\n\\nIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\\n \\nCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\\n\\nThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\\n\\nThis issue affects:\\nJuniper Networks Junos OS\\n21.4 versions from 21.4R3 earlier than 21.4R3-S5;\\n22.2 versions from 22.2R2 earlier than 22.2R3-S2;\\n22.3 versions from 22.3R1 earlier than 22.3R2-S2;\\n22.3 versions from 22.3R3 earlier than\\u00a022.3R3-S1\\n22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\\n23.2 versions earlier than 23.2R1-S1, 23.2R2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\u003cbr\u003e \u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003eJuniper Networks Junos OS\u003cbr\u003e21.4 versions from 21.4R3 earlier than 21.4R3-S5;\u003cbr\u003e22.2 versions from 22.2R2 earlier than 22.2R3-S2;\u003cbr\u003e22.3 versions from 22.3R1 earlier than 22.3R2-S2;\u003cbr\u003e22.3 versions from 22.3R3 earlier than\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e22.3R3-S1\u003c/span\u003e\u003cbr\u003e22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\u003cbr\u003e23.2 versions earlier than 23.2R1-S1, 23.2R2.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-703\", \"description\": \"CWE-703 Improper Check or Handling of Exceptional Conditions\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"description\": \"Denial of Service (DoS)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"To be affected by this issue, the following configuration is required on the device:\\n\\u00a0   [ encapsulation ethernet-ccc ]\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"To be affected by this issue, the following configuration is required on the device:\u003cbr\u003e\u0026nbsp;   [ encapsulation ethernet-ccc ]\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2024-05-16T20:06:30.729Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-21593\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T22:27:35.554Z\", \"dateReserved\": \"2023-12-27T19:38:25.704Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2024-04-12T14:54:08.039Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.