{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21593", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2023-12-27T19:38:25.704Z", "datePublished": "2024-04-12T14:54:08.039Z", "dateUpdated": "2024-07-05T17:22:43.008Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MX Series with MPC10", "MPC11", "LC9600", "MX304"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R3-S5", "status": "affected", "version": "21.4R3", "versionType": "semver"}, {"status": "unaffected", "version": "22.1"}, {"lessThan": "22.2R3-S2", "status": "affected", "version": "22.2R2", "versionType": "semver"}, {"lessThan": "22.3R2-S2", "status": "affected", "version": "22.3R1", "versionType": "semver"}, {"lessThan": "22.3R3-S1", "status": "affected", "version": "22.3R3", "versionType": "semver"}, {"lessThan": "22.4R2-S2, 22.4R3", "status": "affected", "version": "22.4R1", "versionType": "semver"}, {"lessThan": "23.2R1-S1, 23.2R2", "status": "affected", "version": "23.2", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To be affected by this issue, the following configuration is required on the device:<br>&nbsp; [ encapsulation ethernet-ccc ]<br>"}], "value": "To be affected by this issue, the following configuration is required on the device:\n\u00a0 [ encapsulation ethernet-ccc ]"}], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).<br><br>If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.<br> <br><span style=\"background-color: rgb(255, 255, 255);\">Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.<br></span><br>This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.<br><br>This issue affects:<br>Juniper Networks Junos OS<br>21.4 versions from 21.4R3 earlier than 21.4R3-S5;<br>22.2 versions from 22.2R2 earlier than 22.2R3-S2;<br>22.3 versions from 22.3R1 earlier than 22.3R2-S2;<br>22.3 versions from 22.3R3 earlier than&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">22.3R3-S1</span><br>22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;<br>23.2 versions earlier than 23.2R1-S1, 23.2R2.<br><br><br>"}], "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\n \nCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\n\nThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.4 versions from 21.4R3 earlier than 21.4R3-S5;\n22.2 versions from 22.2R2 earlier than 22.2R3-S2;\n22.3 versions from 22.3R1 earlier than 22.3R2-S2;\n22.3 versions from 22.3R3 earlier than\u00a022.3R3-S1\n22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\n23.2 versions earlier than 23.2R1-S1, 23.2R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-703", "description": "CWE-703 Improper Check or Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-05-16T20:06:30.729Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA75732"}, {"tags": ["technical-description"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue: </p><p>Junos OS: 21.4R3-S5, 22.2R3-S2, 22.2R3-S3, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.</p><p><br></p>"}], "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.4R3-S5, 22.2R3-S2, 22.2R3-S3, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases."}], "source": {"advisory": "JSA75732", "defect": ["1720275"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2024-04-10T17:00:00.000Z", "value": "Initial Publication"}], "title": "Junos OS: MX Series with MPC10, MPC11, LC9600, and MX304: A specific MPLS packet will cause a PFE crash", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There are no known workarounds for this issue.</p>"}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21593", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-12T20:06:24.283051Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:43.008Z"}}]}}

{"descriptions": [{"lang": "en", "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\n \nCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\n\nThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.4 versions from 21.4R3 earlier than 21.4R3-S5;\n22.2 versions from 22.2R2 earlier than 22.2R3-S2;\n22.3 versions from 22.3R1 earlier than 22.3R2-S2;\n22.3 versions from 22.3R3 earlier than\u00a022.3R3-S1\n22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\n23.2 versions earlier than 23.2R1-S1, 23.2R2."}, {"lang": "es", "value": "Una vulnerabilidad de verificaci\u00f3n o manejo inadecuado de condiciones excepcionales en el motor de reenv\u00edo de paquetes (PFE) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Si un atacante env\u00eda un paquete MPLS espec\u00edfico, que al procesarse, provoca un bucle interno, lo que provoca un bloqueo y reinicio del PFE. La recepci\u00f3n continua de estos paquetes conduce a una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). La conexi\u00f3n cruzada de circuito (CCC) debe configurarse en el dispositivo para que se vea afectado por este problema. Este problema solo afecta a la serie MX con MPC10, MPC11, LC9600 y MX304. Este problema afecta a: Juniper Networks Junos OS 21.4 versiones desde 21.4R3 anteriores a 21.4R3-S5; Versiones 22.2 de 22.2R2 anteriores a 22.2R3-S2; Versiones 22.3 de 22.3R1 anteriores a 22.3R2-S2; Versiones 22.3 de 22.3R3 anteriores a 22.3R3-S1. Versiones 22.4 de 22.4R1 anteriores a 22.4R2-S2, 22.4R3; Versiones 23.2 anteriores a 23.2R1-S1, 23.2R2."}], "id": "CVE-2024-21593", "lastModified": "2024-05-16T20:15:08.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}]}, "published": "2024-04-12T15:15:23.187", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA75732"}, {"source": "sirt@juniper.net", "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-703"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}