FKIE_CVE-2024-21595

Vulnerability from fkie_nvd - Published: 2024-01-12 01:15 - Updated: 2024-11-21 08:54
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.
References
sirt@juniper.nethttps://advisory.juniper.net/JSA75734Vendor Advisory
sirt@juniper.nethttps://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://advisory.juniper.net/JSA75734Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NThird Party Advisory
Impacted products
Vendor Product Version
juniper junos 21.4
juniper junos 21.4
juniper junos 21.4
juniper junos 21.4
juniper junos 22.1
juniper junos 22.1
juniper junos 22.1
juniper junos 22.2
juniper junos 22.2
juniper junos 22.2
juniper junos 22.2
juniper junos 22.3
juniper junos 22.3
juniper junos 22.3
juniper junos 22.3
juniper junos 22.3
juniper junos 22.3
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.1
juniper ex4100 -
juniper ex4400 -
juniper ex4600 -
juniper qfx5100 -
juniper qfx5100-96s -
juniper qfx5110 -
juniper qfx5120 -
juniper qfx5130 -
juniper qfx5200 -
juniper qfx5200-32c -
juniper qfx5200-48y -
juniper qfx5210 -
juniper qfx5210-64c -
juniper qfx5220 -
juniper qfx5700 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
              "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "0038F142-6F5E-476D-A1EC-E977FD30F155",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2521C83-E8F2-4621-9727-75BB3FC11E64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5100-96s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD0F680-ED30-48F3-A5D9-988D510CFC0D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB58A6E9-FFCF-4331-AC3B-45C37BD1943E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5200-32c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D790AD-D00F-4FED-96FE-3046C827356B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5200-48y:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD9AD5C-947D-41EF-9969-FCCEB144984F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5210-64c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86047DE-A0A0-4698-9414-B66C0FA7B544",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D193BEBD-9436-468D-B89E-D5720603451D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D6C74F-E85F-4D62-BDAF-FE619B467C76",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.\n\nThis issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n  *  21.4R3 versions earlier than 21.4R3-S4;\n  *  22.1R3 versions earlier than 22.1R3-S3;\n  *  22.2R2 versions earlier than 22.2R3-S1;\n  *  22.3 versions earlier than 22.3R2-S2, 22.3R3;\n  *  22.4 versions earlier than 22.4R2;\n  *  23.1 versions earlier than 23.1R2.\n\n\n\n\n\n\n"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de validaci\u00f3n inadecuada de la correcci\u00f3n sint\u00e1ctica de la entrada en el Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). Si un atacante env\u00eda una alta tasa de tr\u00e1fico ICMP espec\u00edfico a un dispositivo con VXLAN configurado, esto provoca un bloqueo del PFE y hace que el dispositivo deje de responder. Ser\u00e1 necesario reiniciar manualmente para recuperar el dispositivo. Este problema solo afecta a los dispositivos de las series EX4100, EX4400, EX4600 y QFX5000. Este problema afecta a: Juniper Networks Junos OS * versiones 21.4R3 anteriores a 21.4R3-S4; * Versiones 22.1R3 anteriores a 22.1R3-S3; * Versiones 22.2R2 anteriores a 22.2R3-S1; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R2; * Versiones 23.1 anteriores a 23.1R2."
    }
  ],
  "id": "CVE-2024-21595",
  "lastModified": "2024-11-21T08:54:40.903",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-12T01:15:47.063",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.juniper.net/JSA75734"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.juniper.net/JSA75734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1286"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.