{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21586", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2023-12-27T19:38:25.703Z", "datePublished": "2024-07-01T16:34:21.768Z", "dateUpdated": "2024-08-01T22:27:34.830Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["SRX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R1", "status": "unaffected", "version": "0", "versionType": "semver"}, {"lessThan": "21.4R3-S7.9", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R3-S5.3", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R3-S4.11", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3", "status": "affected", "version": "22.4", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "platforms": ["NFX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R1", "status": "unaffected", "version": "0", "versionType": "semver"}, {"lessThan": "21.4R3-S8", "status": "affected", "version": "21.4", "versionType": "semver"}, {"status": "affected", "version": "22.1"}, {"lessThan": "22.2R3-S5", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3", "status": "affected", "version": "22.4", "versionType": "semver"}]}], "datePublic": "2024-07-01T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<br><br>If an affected device receives specific valid traffic destined to the device, it will cause the PFE to crash and restart. Continued receipt and processing of this traffic will create a sustained DoS condition.<br><br><span style=\"background-color: var(--wht);\">This issue affects Junos OS on SRX Series:</span><p></p><ul><li>21.4 versions before 21.4R3-S7.9,</li><li>22.1 versions before 22.1R3-S5.3,</li><li>22.2 versions before 22.2R3-S4.11,</li><li>22.3 versions before 22.3R3,</li><li>22.4 versions before 22.4R3.</li>\n\n</ul>\n\n<span style=\"background-color: var(--wht);\">This issue affects Junos OS on NFX Series:</span><p></p><ul><li>21.4 versions before 21.4R3-S8,</li><li>22.1 versions after 22.1R1,</li><li>22.2 versions before 22.2R3-S5,</li><li>22.3 versions before 22.3R3,</li><li>22.4 versions before 22.4R3.</li>\n\n</ul>\n\nJunos OS versions prior to 21.4R1 are not affected by this issue."}], "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an affected device receives specific valid traffic destined to the device, it will cause the PFE to crash and restart. Continued receipt and processing of this traffic will create a sustained DoS condition.\n\nThis issue affects Junos OS on SRX Series:\n\n * 21.4 versions before 21.4R3-S7.9,\n * 22.1 versions before 22.1R3-S5.3,\n * 22.2 versions before 22.2R3-S4.11,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\n\n\n\n\nThis issue affects Junos OS on NFX Series:\n\n * 21.4 versions before 21.4R3-S8,\n * 22.1 versions after 22.1R1,\n * 22.2 versions before 22.2R3-S5,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\n\n\n\n\nJunos OS versions prior to 21.4R1 are not affected by this issue."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.&nbsp;However, multiple occurrences of this issue have been reported in production."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u00a0However, multiple occurrences of this issue have been reported in production."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-18T11:56:34.905Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA83195"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nThe following software releases have been updated to resolve this specific issue: <br>SRX Series: 21.4R3-S7.<strong>9</strong>, 22.1R3-S5.<strong>3</strong>, 22.2R3-S4.<strong>11</strong>, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases;<br>NFX Series: 21.4R3-S8, 22.2R3-S5*, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.<br>* Pending publication.<br><br>Please note that the software versions 21.4R3-S7.9, 22.1R3-S5.3 and 22.2R3-S4.11 are respins of previously released versions, so special attention needs to be paid to the last digits of the version number.\n\n"}], "value": "\nThe following software releases have been updated to resolve this specific issue: \nSRX Series: 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases;\nNFX Series: 21.4R3-S8, 22.2R3-S5*, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.\n* Pending publication.\n\nPlease note that the software versions 21.4R3-S7.9, 22.1R3-S5.3 and 22.2R3-S4.11 are respins of previously released versions, so special attention needs to be paid to the last digits of the version number.\n\n"}], "source": {"advisory": "JSA83195", "defect": ["1719594"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2024-07-01T16:00:00.000Z", "value": "Initial Publication"}, {"lang": "en", "time": "2024-07-18T11:55:00.000Z", "value": "Updated to include NFX Series as affected with the resp. fixes. Added link to CVE at cve.org"}], "title": "Junos OS: SRX Series and NFX Series: Specific valid traffic leads to a PFE crash", "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "juniper", "product": "junos", "cpes": ["cpe:2.3:o:juniper:junos:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "21.4r1", "versionType": "semver"}]}, {"vendor": "juniper", "product": "junos", "cpes": ["cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "21.4", "status": "affected", "lessThan": "21.4r3-s7.9", "versionType": "custom"}, {"version": "22.1", "status": "affected", "lessThan": "22.1r3-s5.3", "versionType": "custom"}, {"version": "22.2", "status": "affected", "lessThan": "22.2r3-s4.11", "versionType": "custom"}, {"version": "22.3", "status": "affected", "lessThan": "22.3r3", "versionType": "custom"}, {"version": "22.4", "status": "affected", "lessThan": "22.4r3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-01T18:15:05.037600Z", "id": "CVE-2024-21586", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T18:15:08.861Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:34.830Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA83195"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://supportportal.juniper.net/JSA83195", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:34.830Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21586", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-01T18:15:05.037600Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:juniper:junos:-:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos", "versions": [{"status": "affected", "version": "0", "lessThan": "21.4r1", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos", "versions": [{"status": "affected", "version": "21.4", "lessThan": "21.4r3-s7.9", "versionType": "custom"}, {"status": "affected", "version": "22.1", "lessThan": "22.1r3-s5.3", "versionType": "custom"}, {"status": "affected", "version": "22.2", "lessThan": "22.2r3-s4.11", "versionType": "custom"}, {"status": "affected", "version": "22.3", "lessThan": "22.3r3", "versionType": "custom"}, {"status": "affected", "version": "22.4", "lessThan": "22.4r3", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T18:14:51.149Z"}}], "cna": {"title": "Junos OS: SRX Series and NFX Series: Specific valid traffic leads to a PFE crash", "source": {"defect": ["1719594"], "advisory": "JSA83195", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "unaffected", "version": "0", "lessThan": "21.4R1", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S7.9", "versionType": "semver"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R3-S5.3", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S4.11", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3", "versionType": "semver"}], "platforms": ["SRX Series"], "defaultStatus": "unaffected"}, {"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "unaffected", "version": "0", "lessThan": "21.4R1", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S8", "versionType": "semver"}, {"status": "affected", "version": "22.1"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S5", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3", "versionType": "semver"}], "platforms": ["NFX Series"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u00a0However, multiple occurrences of this issue have been reported in production.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.&nbsp;However, multiple occurrences of this issue have been reported in production.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-07-01T16:00:00.000Z", "value": "Initial Publication"}, {"lang": "en", "time": "2024-07-18T11:55:00.000Z", "value": "Updated to include NFX Series as affected with the resp. fixes. Added link to CVE at cve.org"}], "solutions": [{"lang": "en", "value": "\nThe following software releases have been updated to resolve this specific issue: \nSRX Series: 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases;\nNFX Series: 21.4R3-S8, 22.2R3-S5*, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.\n* Pending publication.\n\nPlease note that the software versions 21.4R3-S7.9, 22.1R3-S5.3 and 22.2R3-S4.11 are respins of previously released versions, so special attention needs to be paid to the last digits of the version number.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nThe following software releases have been updated to resolve this specific issue: <br>SRX Series: 21.4R3-S7.<strong>9</strong>, 22.1R3-S5.<strong>3</strong>, 22.2R3-S4.<strong>11</strong>, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases;<br>NFX Series: 21.4R3-S8, 22.2R3-S5*, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.<br>* Pending publication.<br><br>Please note that the software versions 21.4R3-S7.9, 22.1R3-S5.3 and 22.2R3-S4.11 are respins of previously released versions, so special attention needs to be paid to the last digits of the version number.\n\n", "base64": false}]}], "datePublic": "2024-07-01T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA83195", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an affected device receives specific valid traffic destined to the device, it will cause the PFE to crash and restart. Continued receipt and processing of this traffic will create a sustained DoS condition.\n\nThis issue affects Junos OS on SRX Series:\n\n * 21.4 versions before 21.4R3-S7.9,\n * 22.1 versions before 22.1R3-S5.3,\n * 22.2 versions before 22.2R3-S4.11,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\n\n\n\n\nThis issue affects Junos OS on NFX Series:\n\n * 21.4 versions before 21.4R3-S8,\n * 22.1 versions after 22.1R1,\n * 22.2 versions before 22.2R3-S5,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\n\n\n\n\nJunos OS versions prior to 21.4R1 are not affected by this issue.", "supportingMedia": [{"type": "text/html", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<br><br>If an affected device receives specific valid traffic destined to the device, it will cause the PFE to crash and restart. Continued receipt and processing of this traffic will create a sustained DoS condition.<br><br><span style=\"background-color: var(--wht);\">This issue affects Junos OS on SRX Series:</span><p></p><ul><li>21.4 versions before 21.4R3-S7.9,</li><li>22.1 versions before 22.1R3-S5.3,</li><li>22.2 versions before 22.2R3-S4.11,</li><li>22.3 versions before 22.3R3,</li><li>22.4 versions before 22.4R3.</li>\n\n</ul>\n\n<span style=\"background-color: var(--wht);\">This issue affects Junos OS on NFX Series:</span><p></p><ul><li>21.4 versions before 21.4R3-S8,</li><li>22.1 versions after 22.1R1,</li><li>22.2 versions before 22.2R3-S5,</li><li>22.3 versions before 22.3R3,</li><li>22.4 versions before 22.4R3.</li>\n\n</ul>\n\nJunos OS versions prior to 21.4R1 are not affected by this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-18T11:56:34.905Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21586", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:27:34.830Z", "dateReserved": "2023-12-27T19:38:25.703Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-07-01T16:34:21.768Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an affected device receives specific valid traffic destined to the device, it will cause the PFE to crash and restart. Continued receipt and processing of this traffic will create a sustained DoS condition.\n\nThis issue affects Junos OS on SRX Series:\n\n * 21.4 versions before 21.4R3-S7.9,\n * 22.1 versions before 22.1R3-S5.3,\n * 22.2 versions before 22.2R3-S4.11,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\n\n\n\n\nThis issue affects Junos OS on NFX Series:\n\n * 21.4 versions before 21.4R3-S8,\n * 22.1 versions after 22.1R1,\n * 22.2 versions before 22.2R3-S5,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\n\n\n\n\nJunos OS versions prior to 21.4R1 are not affected by this issue."}, {"lang": "es", "value": "Una verificaci\u00f3n inadecuada de la vulnerabilidad de condiciones inusuales o excepcionales en el motor de reenv\u00edo de paquetes (PFE) de Juniper Networks Junos OS en la serie SRX permite que un atacante basado en red no autenticado provoque una denegaci\u00f3n de servicio (DoS). Si un dispositivo de la serie SRX recibe tr\u00e1fico v\u00e1lido espec\u00edfico destinado al dispositivo, provocar\u00e1 que el PFE falle y se reinicie. La recepci\u00f3n y procesamiento continuo de este tr\u00e1fico crear\u00e1 una condici\u00f3n DoS sostenida. Este problema afecta a Junos OS en la serie SRX: * versiones 21.4 anteriores a 21.4R3-S7.9, * versiones 22.1 anteriores a 22.1R3-S5.3, * versiones 22.2 anteriores a 22.2R3-S4.11, * versiones 22.3 anteriores a 22.3R3, * Versiones 22.4 anteriores a 22.4R3. Las versiones de Junos OS anteriores a la 21.4R1 no se ven afectadas por este problema."}], "id": "CVE-2024-21586", "lastModified": "2024-11-21T08:54:39.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-07-01T17:15:05.193", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA83195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://supportportal.juniper.net/JSA83195"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}

{"created": "2025-07-13T11:22:20.755928+00:00", "updated": "2025-07-13T11:22:20.755994+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$junos_os"]}