CVE-2024-21590 - Vulnerability Details

An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Junos Os Evolved

Configuration 1 [-]

OR	cpe:2.3:o:juniper:junos_os_evolved::::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s6::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s7::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:r1::::::

No data.

References

Link	Providers
https://supportportal.juniper.net/JSA75728
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

History

Thu, 23 Jan 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Juniper junos Os Evolved
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:juniper:junos_os_evolved:::::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s6:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s7:::::: cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5:::::: cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:-:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:-:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.3:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:-:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r1::::::
Vendors & Products		Juniper Juniper junos Os Evolved

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2024-04-12T14:53:49.366Z

Updated: 2024-08-01T22:27:34.794Z

Reserved: 2023-12-27T19:38:25.704Z

Link: CVE-2024-21590

Vulnrichment

Updated: 2024-08-01T22:27:34.794Z

NVD

Status : Analyzed

Published: 2024-04-12T15:15:22.983

Modified: 2025-01-23T15:29:31.793

Link: CVE-2024-21590

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object