cvelistv5 - cve-2025-30659

CVE-2025-30659 (GCVE-0-2025-30659)

Vulnerability from cvelistv5 – Published: 2025-04-09 20:03 – Updated: 2025-04-09 20:30

Summary

An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart. This issue affects Junos OS on SRX Series: * All 21.4 versions, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2. This issue does not affect versions before 21.4.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M

CWE

CWE-130 - Improper Handling of Length Parameter Inconsistency

Assigner

juniper

References

URL

Tags

https://supportportal.juniper.net/JSA96470

vendor-advisory

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Affected: 21.4R1 , < 21.4* (semver) Affected: 22.2 , < 22.2R3-S6 (semver) Affected: 22.4 , < 22.4R3-S6 (semver) Affected: 23.2 , < 23.2R2-S3 (semver) Affected: 23.4 , < 23.4R2-S4 (semver) Affected: 24.2 , < 24.2R2 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-09T20:30:29.483767Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T20:30:38.589Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4*",
              "status": "affected",
              "version": "21.4R1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S6",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S6",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S3",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S4",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue the SRX needs to be configured for SVR:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ services\u0026nbsp;vector-routing ]\u003c/tt\u003e"
            }
          ],
          "value": "To be exposed to this issue the SRX needs to be configured for SVR:\n\n[ services\u00a0vector-routing ]"
        }
      ],
      "datePublic": "2025-04-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll 21.4 versions,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S6,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eThis issue does not affect versions before 21.4."
            }
          ],
          "value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n  *  All 21.4 versions,\n  *  22.2 versions before 22.2R3-S6,\n  *  22.4 versions before 22.4R3-S6,\n  *  23.2 versions before 23.2R2-S3,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2.\n\n\n\n\nThis issue does not affect versions before 21.4."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-09T20:03:23.936Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA96470"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA96470",
        "defect": [
          "1820807"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-09T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-30659",
    "datePublished": "2025-04-09T20:03:23.936Z",
    "dateReserved": "2025-03-24T19:34:11.323Z",
    "dateUpdated": "2025-04-09T20:30:38.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-30659\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2025-04-09T20:15:30.130\",\"lastModified\":\"2025-04-11T15:40:10.277\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\\n\\nWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\\nThis issue affects Junos OS on SRX Series:\\n\\n\\n\\n  *  All 21.4 versions,\\n  *  22.2 versions before 22.2R3-S6,\\n  *  22.4 versions before 22.4R3-S6,\\n  *  23.2 versions before 23.2R2-S3,\\n  *  23.4 versions before 23.4R2-S4,\\n  *  24.2 versions before 24.2R2.\\n\\n\\n\\n\\nThis issue does not affect versions before 21.4.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de gesti\u00f3n incorrecta de la inconsistencia del par\u00e1metro de longitud en el motor de reenv\u00edo de paquetes (PFE) de Juniper Networks Junos OS en la serie SRX permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). Cuando un dispositivo configurado para enrutamiento vectorial seguro (SVR) recibe un paquete espec\u00edficamente malformado, el PFE se bloquea y se reinicia. Este problema afecta a Junos OS en la serie SRX: * Todas las versiones 21.4, * Versiones 22.2 anteriores a 22.2R3-S6, * Versiones 22.4 anteriores a 22.4R3-S6, * Versiones 23.2 anteriores a 23.2R2-S3, * Versiones 23.4 anteriores a 23.4R2-S4, * Versiones 24.2 anteriores a 24.2R2. Este problema no afecta a las versiones anteriores a la 21.4.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"AUTOMATIC\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-130\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA96470\",\"source\":\"sirt@juniper.net\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30659\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-09T20:30:29.483767Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-09T20:30:34.731Z\"}}], \"cna\": {\"title\": \"Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic\", \"source\": {\"defect\": [\"1820807\"], \"advisory\": \"JSA96470\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"AUTOMATIC\", \"baseScore\": 8.7, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"21.4R1\", \"lessThan\": \"21.4*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.2\", \"lessThan\": \"22.2R3-S6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4\", \"lessThan\": \"22.4R3-S6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R2-S3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4\", \"lessThan\": \"23.4R2-S4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.2\", \"lessThan\": \"24.2R2\", \"versionType\": \"semver\"}], \"platforms\": [\"SRX Series\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-09T16:00:00.000Z\", \"value\": \"Initial Publication\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue: 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\", \"base64\": false}]}], \"datePublic\": \"2025-04-09T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA96470\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There are no known workarounds for this issue.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\\n\\nWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\\nThis issue affects Junos OS on SRX Series:\\n\\n\\n\\n  *  All 21.4 versions,\\n  *  22.2 versions before 22.2R3-S6,\\n  *  22.4 versions before 22.4R3-S6,\\n  *  23.2 versions before 23.2R2-S3,\\n  *  23.4 versions before 23.4R2-S4,\\n  *  24.2 versions before 24.2R2.\\n\\n\\n\\n\\nThis issue does not affect versions before 21.4.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll 21.4 versions,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S6,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eThis issue does not affect versions before 21.4.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-130\", \"description\": \"CWE-130 Improper Handling of Length Parameter Inconsistency\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"To be exposed to this issue the SRX needs to be configured for SVR:\\n\\n[ services\\u00a0vector-routing ]\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"To be exposed to this issue the SRX needs to be configured for SVR:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ services\u0026nbsp;vector-routing ]\u003c/tt\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2025-04-09T20:03:23.936Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-30659\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-09T20:30:38.589Z\", \"dateReserved\": \"2025-03-24T19:34:11.323Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2025-04-09T20:03:23.936Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-G6R3-VQHR-8438

Vulnerability from github – Published: 2025-04-09 21:31 – Updated: 2025-04-09 21:31

Details

When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart. This issue affects Junos OS on SRX Series:

All 21.4 versions,
22.2 versions before 22.2R3-S6,
22.4 versions before 22.4R3-S6,
23.2 versions before 23.2R2-S3,
23.4 versions before 23.4R2-S4,
24.2 versions before 24.2R2.

This issue does not affect versions before 21.4.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-30659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-130"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-09T20:15:30Z",
    "severity": "HIGH"
  },
  "details": "An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n  *  All 21.4 versions,\n  *  22.2 versions before 22.2R3-S6,\n  *  22.4 versions before 22.4R3-S6,\n  *  23.2 versions before 23.2R2-S3,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2.\n\n\n\n\nThis issue does not affect versions before 21.4.",
  "id": "GHSA-g6r3-vqhr-8438",
  "modified": "2025-04-09T21:31:44Z",
  "published": "2025-04-09T21:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30659"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA96470"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

WID-SEC-W-2025-0777

Vulnerability from csaf_certbund - Published: 2025-04-09 22:00 - Updated: 2025-04-09 22:00

Summary

Juniper JUNOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen preiszugeben und möglicherweise beliebigen Code auszuführen.

Betroffene Betriebssysteme

- Sonstiges - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen preiszugeben und m\u00f6glicherweise beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0777 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0777.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0777 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0777"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-An-unauthenticated-adjacent-attacker-sending-a-malformed-DHCP-packet-causes-jdhcpd-to-crash-CVE-2025-21591"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-In-DS-lite-and-NAT-senario-receipt-of-crafted-IPv4-traffic-causes-port-block-CVE-2025-21594"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-VXLAN-scenario-specific-ARP-or-NDP-packets-cause-FPC-to-crash-CVE-2025-21595"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-and-EX-Series-MX240-MX480-MX960-QFX5120-Series-When-web-management-is-enabled-for-specific-services-an-attacker-may-cause-a-CPU-spike-by-sending-genuine-packets-to-the-device-CVE-2025-21601"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-EX2300-EX3400-EX4000-Series-QFX5k-Series-Receipt-of-a-specific-DHCP-packet-causes-FPC-crash-when-DHCP-Option-82-is-enabled-CVE-2025-30644"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-Transmission-of-specific-control-traffic-sent-out-of-a-DS-Lite-tunnel-results-in-flowd-crash-CVE-2025-30645"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-malformed-LLDP-TLV-results-in-l2cpd-crash-CVE-2025-30646"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Subscriber-login-logout-activity-will-lead-to-a-memory-leak-CVE-2025-30647"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-DHCP-packet-causes-jdhcpd-process-to-crash-CVE-2025-30648"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-ICMPv6-packet-causes-a-memory-overrun-leading-to-an-rpd-crash-CVE-2025-30651"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-CLI-command-when-asregex-optimized-is-configured-causes-an-RPD-crash-CVE-2025-30652"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-LSP-flap-in-a-specific-MPLS-LSP-scenario-leads-to-RPD-crash-CVE-2025-30653"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-local-low-privileged-user-can-access-sensitive-information-CVE-2025-30654"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-CLI-command-will-cause-a-RPD-crash-when-rib-sharding-and-update-threading-is-enabled-CVE-2025-30655"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-SRX-Series-Processing-of-specific-SIP-INVITE-messages-by-the-SIP-ALG-will-lead-to-an-FPC-crash-CVE-2025-30656"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-Processing-of-a-specific-BGP-update-causes-the-SRRD-process-to-crash-CVE-2025-30657"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-On-devices-with-Anti-Virus-enabled-malicious-server-responses-will-cause-memory-to-leak-ultimately-causing-forwarding-to-stop-CVE-2025-30658"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-A-device-configured-for-vector-routing-crashes-when-receiving-specific-traffic-CVE-2025-30659"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Decapsulation-of-specific-GRE-packets-leads-to-PFE-reset-CVE-2025-30660"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-04-09",
        "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-rib-sharding-and-update-threading-are-configured-and-a-peer-flaps-an-rpd-core-is-observed?language=en_US"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper JUNOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-09T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-10T11:20:03.755+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0777",
      "initial_release_date": "2025-04-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Juniper JUNOS",
                "product": {
                  "name": "Juniper JUNOS",
                  "product_id": "T042690",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Evolved",
                "product": {
                  "name": "Juniper JUNOS Evolved",
                  "product_id": "T042696",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:evolved"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JUNOS"
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-21591",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-21591"
    },
    {
      "cve": "CVE-2025-21594",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-21594"
    },
    {
      "cve": "CVE-2025-21595",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-21595"
    },
    {
      "cve": "CVE-2025-21597",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-21597"
    },
    {
      "cve": "CVE-2025-21601",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-21601"
    },
    {
      "cve": "CVE-2025-30644",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30644"
    },
    {
      "cve": "CVE-2025-30645",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30645"
    },
    {
      "cve": "CVE-2025-30646",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30646"
    },
    {
      "cve": "CVE-2025-30647",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30647"
    },
    {
      "cve": "CVE-2025-30648",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30648"
    },
    {
      "cve": "CVE-2025-30649",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30649"
    },
    {
      "cve": "CVE-2025-30651",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30651"
    },
    {
      "cve": "CVE-2025-30652",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30652"
    },
    {
      "cve": "CVE-2025-30653",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30653"
    },
    {
      "cve": "CVE-2025-30654",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30654"
    },
    {
      "cve": "CVE-2025-30655",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30655"
    },
    {
      "cve": "CVE-2025-30656",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30656"
    },
    {
      "cve": "CVE-2025-30657",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30657"
    },
    {
      "cve": "CVE-2025-30658",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30658"
    },
    {
      "cve": "CVE-2025-30659",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30659"
    },
    {
      "cve": "CVE-2025-30660",
      "product_status": {
        "known_affected": [
          "T042696",
          "T042690"
        ]
      },
      "release_date": "2025-04-09T22:00:00.000+00:00",
      "title": "CVE-2025-30660"
    }
  ]
}

CERTFR-2025-AVI-0304

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les versions 21.4.x de Junos OS pour SRX Series ne bénéficient pas de correctif pour la vulnérabilité CVE-2025-30659.

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 21.4.x antérieures à 21.4R3-S10
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.4.x-EVO antérieures à 22.4R3-S6-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.4.x-EVO antérieures à 23.4R2-S4-EVO
Juniper Networks	Junos OS	Junos OS versions 22.2.x antérieures à 22.2R3-S6
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 21.4R3-S10-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.2.x-EVO antérieures à 23.2R2-S3-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.2.x-EVO antérieures à 24.2R2-EVO
Juniper Networks	Junos Space	Junos Space versions antérieures à 24.1R3
Juniper Networks	Junos Space	Junos Space Security Director versions antérieures à 24.1R3
Juniper Networks	Junos OS	Junos OS versions 23.4.x antérieures à 23.4R2-S4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.2.x-EVO antérieures à 22.2R3-S6-EVO
Juniper Networks	CTPView	CTPView versions antérieures à 9.2R1
Juniper Networks	Junos OS	Junos OS versions 22.4.x antérieures à 22.4R3-S6
Juniper Networks	Junos OS	Junos OS versions 23.2.x antérieures à 23.2R2-S3
Juniper Networks	Junos OS	Junos OS versions 24.2.x antérieures à 24.2R2
Juniper Networks	Junos OS	Junos OS versions antérieures à 21.2R3-S9

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA96456	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96447	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96467	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96461	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96446	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96451	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96470	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96458	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96462	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96457	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96466	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96463	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96459	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96450	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96464	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96453	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96465	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96444	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96469	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96448	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96471	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96449	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96455	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96452	2025-04-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R3-S10 ",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4.x-EVO ant\u00e9rieures \u00e0 22.4R3-S6-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4.x-EVO ant\u00e9rieures \u00e0 23.4R2-S4-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2.x ant\u00e9rieures \u00e0 22.2R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S10-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2.x-EVO ant\u00e9rieures \u00e0 23.2R2-S3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2.x-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4.x ant\u00e9rieures \u00e0 23.4R2-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2.x-EVO ant\u00e9rieures \u00e0 22.2R3-S6-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions ant\u00e9rieures \u00e0 9.2R1",
      "product": {
        "name": "CTPView",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4.x ant\u00e9rieures \u00e0 22.4R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2.x ant\u00e9rieures \u00e0 23.2R2-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2.x ant\u00e9rieures \u00e0 24.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 21.4.x de Junos OS pour SRX Series ne b\u00e9n\u00e9ficient pas de correctif pour la vuln\u00e9rabilit\u00e9 CVE-2025-30659.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-42472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
    },
    {
      "name": "CVE-2024-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2024-27820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
    },
    {
      "name": "CVE-2024-42284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2025-21597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21597"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2024-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
    },
    {
      "name": "CVE-2025-30658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30658"
    },
    {
      "name": "CVE-2024-40866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40866"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2024-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2024-26993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2024-40898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40898"
    },
    {
      "name": "CVE-2024-26852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
    },
    {
      "name": "CVE-2011-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
    },
    {
      "name": "CVE-2025-30657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30657"
    },
    {
      "name": "CVE-2025-30660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30660"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2024-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
    },
    {
      "name": "CVE-2024-44187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44187"
    },
    {
      "name": "CVE-2025-21601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21601"
    },
    {
      "name": "CVE-2024-32021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
    },
    {
      "name": "CVE-2024-40725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40725"
    },
    {
      "name": "CVE-2019-7611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7611"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2025-21591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21591"
    },
    {
      "name": "CVE-2025-30649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30649"
    },
    {
      "name": "CVE-2025-30652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30652"
    },
    {
      "name": "CVE-2024-40789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2025-30651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30651"
    },
    {
      "name": "CVE-2024-32004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
    },
    {
      "name": "CVE-2024-39884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39884"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2024-32020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2024-27838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27838"
    },
    {
      "name": "CVE-2024-23271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23271"
    },
    {
      "name": "CVE-2024-39487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
    },
    {
      "name": "CVE-2024-36971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2025-30647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30647"
    },
    {
      "name": "CVE-2024-32465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    },
    {
      "name": "CVE-2025-30654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30654"
    },
    {
      "name": "CVE-2025-30655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30655"
    },
    {
      "name": "CVE-2024-40782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
    },
    {
      "name": "CVE-2024-26735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
    },
    {
      "name": "CVE-2024-35899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2021-47596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47596"
    },
    {
      "name": "CVE-2025-30659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30659"
    },
    {
      "name": "CVE-2025-30653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30653"
    },
    {
      "name": "CVE-2025-30645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30645"
    },
    {
      "name": "CVE-2020-7021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7021"
    },
    {
      "name": "CVE-2021-22135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22135"
    },
    {
      "name": "CVE-2025-30646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30646"
    },
    {
      "name": "CVE-2024-27851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
    },
    {
      "name": "CVE-2025-30644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30644"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2025-30656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30656"
    },
    {
      "name": "CVE-2022-39253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
    },
    {
      "name": "CVE-2021-22144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22144"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2025-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21595"
    },
    {
      "name": "CVE-2025-30648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30648"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2021-22137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22137"
    },
    {
      "name": "CVE-2024-32002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2022-24808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2025-21594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21594"
    },
    {
      "name": "CVE-2020-7020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7020"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0304",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96456",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-malformed-LLDP-TLV-results-in-l2cpd-crash-CVE-2025-30646"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96447",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R3-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96467",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-Processing-of-a-specific-BGP-update-causes-the-SRRD-process-to-crash-CVE-2025-30657?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96461",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-ICMPv6-packet-causes-a-memory-overrun-leading-to-an-rpd-crash-CVE-2025-30651"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96446",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R3-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96451",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-rib-sharding-and-update-threading-are-configured-and-a-peer-flaps-an-rpd-core-is-observed"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96470",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-A-device-configured-for-vector-routing-crashes-when-receiving-specific-traffic-CVE-2025-30659?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96458",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-DHCP-packet-causes-jdhcpd-process-to-crash-CVE-2025-30648"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96462",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-CLI-command-when-asregex-optimized-is-configured-causes-an-RPD-crash-CVE-2025-30652"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96457",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Subscriber-login-logout-activity-will-lead-to-a-memory-leak-CVE-2025-30647"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96466",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-SRX-Series-Processing-of-specific-SIP-INVITE-messages-by-the-SIP-ALG-will-lead-to-an-FPC-crash-CVE-2025-30656?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96463",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-LSP-flap-in-a-specific-MPLS-LSP-scenario-leads-to-RPD-crash-CVE-2025-30653"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96459",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX240-MX480-MX960-with-SPC3-An-attacker-sending-specific-packets-will-cause-a-CPU-utilization-DoS-CVE-2025-30649"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96450",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-VXLAN-scenario-specific-ARP-or-NDP-packets-cause-FPC-to-crash-CVE-2025-21595"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96464",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-local-low-privileged-user-can-access-sensitive-information-CVE-2025-30654"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96453",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-EX2300-EX3400-EX4000-Series-QFX5k-Series-Receipt-of-a-specific-DHCP-packet-causes-FPC-crash-when-DHCP-Option-82-is-enabled-CVE-2025-30644"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96465",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-CLI-command-will-cause-a-RPD-crash-when-rib-sharding-and-update-threading-is-enabled-CVE-2025-30655?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96444",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-CTP-View-Multiple-Vulnerabilities-resolved-in-9-2R1-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96469",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-On-devices-with-Anti-Virus-enabled-malicious-server-responses-will-cause-memory-to-leak-ultimately-causing-forwarding-to-stop-CVE-2025-30658?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96448",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-An-unauthenticated-adjacent-attacker-sending-a-malformed-DHCP-packet-causes-jdhcpd-to-crash-CVE-2025-21591"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96471",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Decapsulation-of-specific-GRE-packets-leads-to-PFE-reset-CVE-2025-30660?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96449",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-In-DS-lite-and-NAT-senario-receipt-of-crafted-IPv4-traffic-causes-port-block-CVE-2025-21594"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96455",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-Transmission-of-specific-control-traffic-sent-out-of-a-DS-Lite-tunnel-results-in-flowd-crash-CVE-2025-30645"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96452",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-and-EX-Series-MX240-MX480-MX960-QFX5120-Series-When-web-management-is-enabled-for-specific-services-an-attacker-may-cause-a-CPU-spike-by-sending-genuine-packets-to-the-device-CVE-2025-21601"
    }
  ]
}

CERTFR-2025-AVI-0304

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les versions 21.4.x de Junos OS pour SRX Series ne bénéficient pas de correctif pour la vulnérabilité CVE-2025-30659.

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 21.4.x antérieures à 21.4R3-S10
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.4.x-EVO antérieures à 22.4R3-S6-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.4.x-EVO antérieures à 23.4R2-S4-EVO
Juniper Networks	Junos OS	Junos OS versions 22.2.x antérieures à 22.2R3-S6
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 21.4R3-S10-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.2.x-EVO antérieures à 23.2R2-S3-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.2.x-EVO antérieures à 24.2R2-EVO
Juniper Networks	Junos Space	Junos Space versions antérieures à 24.1R3
Juniper Networks	Junos Space	Junos Space Security Director versions antérieures à 24.1R3
Juniper Networks	Junos OS	Junos OS versions 23.4.x antérieures à 23.4R2-S4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.2.x-EVO antérieures à 22.2R3-S6-EVO
Juniper Networks	CTPView	CTPView versions antérieures à 9.2R1
Juniper Networks	Junos OS	Junos OS versions 22.4.x antérieures à 22.4R3-S6
Juniper Networks	Junos OS	Junos OS versions 23.2.x antérieures à 23.2R2-S3
Juniper Networks	Junos OS	Junos OS versions 24.2.x antérieures à 24.2R2
Juniper Networks	Junos OS	Junos OS versions antérieures à 21.2R3-S9

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA96456	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96447	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96467	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96461	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96446	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96451	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96470	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96458	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96462	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96457	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96466	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96463	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96459	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96450	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96464	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96453	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96465	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96444	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96469	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96448	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96471	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96449	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96455	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96452	2025-04-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R3-S10 ",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4.x-EVO ant\u00e9rieures \u00e0 22.4R3-S6-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4.x-EVO ant\u00e9rieures \u00e0 23.4R2-S4-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2.x ant\u00e9rieures \u00e0 22.2R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S10-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2.x-EVO ant\u00e9rieures \u00e0 23.2R2-S3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2.x-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4.x ant\u00e9rieures \u00e0 23.4R2-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2.x-EVO ant\u00e9rieures \u00e0 22.2R3-S6-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions ant\u00e9rieures \u00e0 9.2R1",
      "product": {
        "name": "CTPView",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4.x ant\u00e9rieures \u00e0 22.4R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2.x ant\u00e9rieures \u00e0 23.2R2-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2.x ant\u00e9rieures \u00e0 24.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 21.4.x de Junos OS pour SRX Series ne b\u00e9n\u00e9ficient pas de correctif pour la vuln\u00e9rabilit\u00e9 CVE-2025-30659.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-42472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
    },
    {
      "name": "CVE-2024-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2024-27820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
    },
    {
      "name": "CVE-2024-42284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2025-21597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21597"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2024-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
    },
    {
      "name": "CVE-2025-30658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30658"
    },
    {
      "name": "CVE-2024-40866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40866"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2024-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2024-26993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2024-40898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40898"
    },
    {
      "name": "CVE-2024-26852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
    },
    {
      "name": "CVE-2011-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
    },
    {
      "name": "CVE-2025-30657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30657"
    },
    {
      "name": "CVE-2025-30660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30660"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2024-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
    },
    {
      "name": "CVE-2024-44187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44187"
    },
    {
      "name": "CVE-2025-21601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21601"
    },
    {
      "name": "CVE-2024-32021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
    },
    {
      "name": "CVE-2024-40725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40725"
    },
    {
      "name": "CVE-2019-7611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7611"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2025-21591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21591"
    },
    {
      "name": "CVE-2025-30649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30649"
    },
    {
      "name": "CVE-2025-30652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30652"
    },
    {
      "name": "CVE-2024-40789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2025-30651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30651"
    },
    {
      "name": "CVE-2024-32004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
    },
    {
      "name": "CVE-2024-39884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39884"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2024-32020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2024-27838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27838"
    },
    {
      "name": "CVE-2024-23271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23271"
    },
    {
      "name": "CVE-2024-39487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
    },
    {
      "name": "CVE-2024-36971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2025-30647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30647"
    },
    {
      "name": "CVE-2024-32465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    },
    {
      "name": "CVE-2025-30654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30654"
    },
    {
      "name": "CVE-2025-30655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30655"
    },
    {
      "name": "CVE-2024-40782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
    },
    {
      "name": "CVE-2024-26735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
    },
    {
      "name": "CVE-2024-35899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2021-47596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47596"
    },
    {
      "name": "CVE-2025-30659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30659"
    },
    {
      "name": "CVE-2025-30653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30653"
    },
    {
      "name": "CVE-2025-30645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30645"
    },
    {
      "name": "CVE-2020-7021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7021"
    },
    {
      "name": "CVE-2021-22135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22135"
    },
    {
      "name": "CVE-2025-30646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30646"
    },
    {
      "name": "CVE-2024-27851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
    },
    {
      "name": "CVE-2025-30644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30644"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2025-30656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30656"
    },
    {
      "name": "CVE-2022-39253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
    },
    {
      "name": "CVE-2021-22144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22144"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2025-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21595"
    },
    {
      "name": "CVE-2025-30648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30648"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2021-22137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22137"
    },
    {
      "name": "CVE-2024-32002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2022-24808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2025-21594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21594"
    },
    {
      "name": "CVE-2020-7020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7020"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0304",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96456",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-malformed-LLDP-TLV-results-in-l2cpd-crash-CVE-2025-30646"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96447",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R3-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96467",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-Processing-of-a-specific-BGP-update-causes-the-SRRD-process-to-crash-CVE-2025-30657?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96461",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-ICMPv6-packet-causes-a-memory-overrun-leading-to-an-rpd-crash-CVE-2025-30651"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96446",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R3-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96451",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-rib-sharding-and-update-threading-are-configured-and-a-peer-flaps-an-rpd-core-is-observed"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96470",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-A-device-configured-for-vector-routing-crashes-when-receiving-specific-traffic-CVE-2025-30659?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96458",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-DHCP-packet-causes-jdhcpd-process-to-crash-CVE-2025-30648"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96462",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-CLI-command-when-asregex-optimized-is-configured-causes-an-RPD-crash-CVE-2025-30652"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96457",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Subscriber-login-logout-activity-will-lead-to-a-memory-leak-CVE-2025-30647"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96466",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-SRX-Series-Processing-of-specific-SIP-INVITE-messages-by-the-SIP-ALG-will-lead-to-an-FPC-crash-CVE-2025-30656?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96463",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-LSP-flap-in-a-specific-MPLS-LSP-scenario-leads-to-RPD-crash-CVE-2025-30653"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96459",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX240-MX480-MX960-with-SPC3-An-attacker-sending-specific-packets-will-cause-a-CPU-utilization-DoS-CVE-2025-30649"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96450",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-VXLAN-scenario-specific-ARP-or-NDP-packets-cause-FPC-to-crash-CVE-2025-21595"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96464",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-local-low-privileged-user-can-access-sensitive-information-CVE-2025-30654"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96453",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-EX2300-EX3400-EX4000-Series-QFX5k-Series-Receipt-of-a-specific-DHCP-packet-causes-FPC-crash-when-DHCP-Option-82-is-enabled-CVE-2025-30644"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96465",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-CLI-command-will-cause-a-RPD-crash-when-rib-sharding-and-update-threading-is-enabled-CVE-2025-30655?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96444",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-CTP-View-Multiple-Vulnerabilities-resolved-in-9-2R1-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96469",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-On-devices-with-Anti-Virus-enabled-malicious-server-responses-will-cause-memory-to-leak-ultimately-causing-forwarding-to-stop-CVE-2025-30658?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96448",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-An-unauthenticated-adjacent-attacker-sending-a-malformed-DHCP-packet-causes-jdhcpd-to-crash-CVE-2025-21591"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96471",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Decapsulation-of-specific-GRE-packets-leads-to-PFE-reset-CVE-2025-30660?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96449",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-In-DS-lite-and-NAT-senario-receipt-of-crafted-IPv4-traffic-causes-port-block-CVE-2025-21594"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96455",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-Transmission-of-specific-control-traffic-sent-out-of-a-DS-Lite-tunnel-results-in-flowd-crash-CVE-2025-30645"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96452",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-and-EX-Series-MX240-MX480-MX960-QFX5120-Series-When-web-management-is-enabled-for-specific-services-an-attacker-may-cause-a-CPU-spike-by-sending-genuine-packets-to-the-device-CVE-2025-21601"
    }
  ]
}

FKIE_CVE-2025-30659

Vulnerability from fkie_nvd - Published: 2025-04-09 20:15 - Updated: 2025-04-11 15:40

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	sirt@juniper.net	https://supportportal.juniper.net/JSA96470

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n  *  All 21.4 versions,\n  *  22.2 versions before 22.2R3-S6,\n  *  22.4 versions before 22.4R3-S6,\n  *  23.2 versions before 23.2R2-S3,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2.\n\n\n\n\nThis issue does not affect versions before 21.4."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de gesti\u00f3n incorrecta de la inconsistencia del par\u00e1metro de longitud en el motor de reenv\u00edo de paquetes (PFE) de Juniper Networks Junos OS en la serie SRX permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). Cuando un dispositivo configurado para enrutamiento vectorial seguro (SVR) recibe un paquete espec\u00edficamente malformado, el PFE se bloquea y se reinicia. Este problema afecta a Junos OS en la serie SRX: * Todas las versiones 21.4, * Versiones 22.2 anteriores a 22.2R3-S6, * Versiones 22.4 anteriores a 22.4R3-S6, * Versiones 23.2 anteriores a 23.2R2-S3, * Versiones 23.4 anteriores a 23.4R2-S4, * Versiones 24.2 anteriores a 24.2R2. Este problema no afecta a las versiones anteriores a la 21.4."
    }
  ],
  "id": "CVE-2025-30659",
  "lastModified": "2025-04-11T15:40:10.277",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "AUTOMATIC",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-09T20:15:30.130",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "https://supportportal.juniper.net/JSA96470"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-130"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-30659 (GCVE-0-2025-30659)

GHSA-G6R3-VQHR-8438

WID-SEC-W-2025-0777

CERTFR-2025-AVI-0304

Solutions

CERTFR-2025-AVI-0304

Solutions

FKIE_CVE-2025-30659

Tags

Sightings

Nomenclature