Lucene search

[email protected]NVD:CVE-2024-21604

HistoryJan 12, 2024 - 1:15 a.m.

CVE-2024-21604

2024-01-1201:15:48

CWE-770

[email protected]

web.nvd.nist.gov

juniper networks

junos os

vulnerability

dos

packet dropping

system outage

security issue

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.

The following log messages can be seen when this issue occurs:

<host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet
This issue affects Juniper Networks Junos OS Evolved:

All versions earlier than 20.4R3-S7-EVO;
21.2R1-EVO and later versions;
21.4-EVO versions earlier than 21.4R3-S5-EVO;
22.1-EVO versions earlier than 22.1R3-S2-EVO;
22.2-EVO versions earlier than 22.2R3-EVO;
22.3-EVO versions earlier than 22.3R2-EVO;
22.4-EVO versions earlier than 22.4R2-EVO.

Affected configurations

NVD

Node

juniperjunos_os_evolvedMatch21.2r1-s1

juniperjunos_os_evolvedMatch21.2r1-s2

juniperjunos_os_evolvedMatch21.2r2

juniperjunos_os_evolvedMatch21.2r2-s1

juniperjunos_os_evolvedMatch21.2r2-s2

juniperjunos_os_evolvedMatch21.2r3

juniperjunos_os_evolvedMatch21.2r3-s1

juniperjunos_os_evolvedMatch21.2r3-s2

juniperjunos_os_evolvedMatch21.2r3-s3

juniperjunos_os_evolvedMatch21.2r3-s4

juniperjunos_os_evolvedMatch21.2r3-s5

juniperjunos_os_evolvedMatch21.2r3-s6

Node

juniperjunos_os_evolvedMatch21.4-

juniperjunos_os_evolvedMatch21.4r1

juniperjunos_os_evolvedMatch21.4r1-s1

juniperjunos_os_evolvedMatch21.4r1-s2

juniperjunos_os_evolvedMatch21.4r2

juniperjunos_os_evolvedMatch21.4r2-s1

juniperjunos_os_evolvedMatch21.4r2-s2

juniperjunos_os_evolvedMatch21.4r3

juniperjunos_os_evolvedMatch21.4r3-s1

juniperjunos_os_evolvedMatch21.4r3-s2

juniperjunos_os_evolvedMatch21.4r3-s3

juniperjunos_os_evolvedMatch21.4r3-s4

Node

juniperjunos_os_evolvedMatch22.1-

juniperjunos_os_evolvedMatch22.1r1

juniperjunos_os_evolvedMatch22.1r1-s1

juniperjunos_os_evolvedMatch22.1r1-s2

juniperjunos_os_evolvedMatch22.1r2

juniperjunos_os_evolvedMatch22.1r2-s1

juniperjunos_os_evolvedMatch22.1r3

juniperjunos_os_evolvedMatch22.1r3-s1

Node

juniperjunos_os_evolvedMatch22.2-

juniperjunos_os_evolvedMatch22.2r1

juniperjunos_os_evolvedMatch22.2r1-s1

juniperjunos_os_evolvedMatch22.2r2

juniperjunos_os_evolvedMatch22.2r2-s1

juniperjunos_os_evolvedMatch22.2r2-s2

Node

juniperjunos_os_evolvedMatch22.3-

juniperjunos_os_evolvedMatch22.3r1

juniperjunos_os_evolvedMatch22.3r1-s1

juniperjunos_os_evolvedMatch22.3r1-s2

Node

juniperjunos_os_evolvedMatch22.4-

juniperjunos_os_evolvedMatch22.4r1

juniperjunos_os_evolvedMatch22.4r1-s1

juniperjunos_os_evolvedMatch22.4r1-s2

References

supportportal.juniper.net/JSA75745

www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for NVD:CVE-2024-21604

cve1 prion1 cvelist1