CVE-2024-21600Improper Neutralization of Equivalent Special Elements in Networks Junos OS

CWE-76Improper Neutralization of Equivalent Special Elements4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 87.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 12

Description

An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and if the FTI tunnel is down, these will hit the reject NH, due to which the packets get sent to the CPU and cause a host path wedge condition. This will cause the FPC to hang and requires

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.121.1R3-S4+6
NVDjuniper/junos7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-8f5g-v4g5-c448: An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Seri2024-01-12
CVEList
Junos OS: PTX Series: In an FTI scenario MPLS packets hitting reject next-hop will cause a host path wedge condition2024-01-12

📋Vendor Advisories

1
Juniper
CVE-2024-21600: An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Ser2024-01-12
CVE-2024-21600 — Networks Junos OS vulnerability | cvebase