CVE-2024-21595: Improper Validation of Syntactic Correctness of Input in Networks Junos OS

Severity: 7.5 HIGH (NVD)
EPSS: 0.1% (top 70.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 12

Description

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends a high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX46

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 21.4R3 | 21.4R3-S4 | +5
NVD | juniper/junos | 6 versions | +5

🔴 Vulnerability Details (2)

CVEList: Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang (2024-01-12)
GHSA: GHSA-38gm-m6ww-x846: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a net (2024-01-12)

📋 Vendor Advisories (1)

Juniper: CVE-2024-21595: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a ne (2024-01-12)