CVE-2024-21598 - OpenCVE

Link	Providers
http://supportportal.juniper.net/JSA75739
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21598", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2023-12-27T19:38:25.705Z", "datePublished": "2024-04-12T14:54:23.761Z", "dateUpdated": "2024-08-01T22:27:36.007Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.4R3-S9", "status": "affected", "version": "20.4", "versionType": "semver"}, {"lessThan": "21.2R3-S7", "status": "affected", "version": "21.2", "versionType": "semver"}, {"lessThan": "21.3R3-S5", "status": "affected", "version": "21.3", "versionType": "semver"}, {"lessThan": "21.4R3-S5", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R3-S4", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R3-S3", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S1", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R1-S2, 23.2R2", "status": "affected", "version": "23.2", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.4R3-S9-EVO", "status": "affected", "version": "20.4-EVO", "versionType": "semver"}, {"lessThan": "21.2R3-S7-EVO", "status": "affected", "version": "21.2-EVO", "versionType": "semver"}, {"lessThan": "21.3R3-S5-EVO", "status": "affected", "version": "21.3-EVO", "versionType": "semver"}, {"lessThan": "21.4R3-S5-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver"}, {"lessThan": "22.1R3-S4-EVO", "status": "affected", "version": "22.1-EVO", "versionType": "semver"}, {"lessThan": "22.2R3-S3-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver"}, {"lessThan": "22.3R3-S1-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver"}, {"lessThan": "22.4R3-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver"}, {"lessThan": "23.2R1-S2-EVO, 23.2R2-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:  [ protocols bgp group <group> neighbor ... ]"}], "value": "To be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:\n\n\u00a0 [ protocols bgp group <group> neighbor ... ]"}], "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this vulnerability."}], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: <ul><li>20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;</li><li>21.2 versions earlier than 21.2R3-S7;</li><li>21.3 versions earlier than 21.3R3-S5;</li><li>21.4 versions earlier than 21.4R3-S5;</li><li>22.1 versions earlier than 22.1R3-S4;</li><li>22.2 versions earlier than 22.2R3-S3;</li><li>22.3 versions earlier than 22.3R3-S1;</li><li>22.4 versions earlier than 22.4R3;</li><li>23.2 versions earlier than 23.2R1-S2, 23.2R2;</li></ul> Junos OS Evolved: <ul><li>20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;</li><li>21.2-EVO versions earlier than 21.2R3-S7-EVO;</li><li>21.3-EVO versions earlier than 21.3R3-S5-EVO;</li><li>21.4-EVO versions earlier than 21.4R3-S5-EVO;</li><li>22.1-EVO versions earlier than 22.1R3-S4-EVO;</li><li>22.2-EVO versions earlier than 22.2R3-S3-EVO;</li><li>22.3-EVO versions earlier than 22.3R3-S1-EVO;</li><li>22.4-EVO versions earlier than 22.4R3-EVO;</li><li>23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;</li></ul> This issue does not affect Juniper Networks <ul><li>Junos OS versions earlier than 20.4R1;</li><li>Junos OS Evolved versions earlier than 20.4R1-EVO.</li></ul> This is a related but separate issue than the one described in JSA79095. "}], "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\n\nThis issue affects Juniper Networks\nJunos OS:\n * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2;\n\n\n\nJunos OS Evolved:\n * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;\n * 21.2-EVO versions earlier than 21.2R3-S7-EVO;\n * 21.3-EVO versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S3-EVO;\n * 22.3-EVO versions earlier than 22.3R3-S1-EVO;\n * 22.4-EVO versions earlier than 22.4R3-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;\n\n\n\nThis issue does not affect Juniper Networks\n * Junos OS versions earlier than 20.4R1;\n * Junos OS Evolved versions earlier than 20.4R1-EVO.\n\n\n\nThis is a related but separate issue than the one described in JSA79095."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1286", "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-05-16T19:53:00.228Z"}, "references": [{"tags": ["vendor-advisory"], "url": "http://supportportal.juniper.net/JSA75739"}, {"tags": ["technical-description"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases;Junos OS Evolved: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases;\n\nJunos OS Evolved: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA75739", "defect": ["1760356"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial Publication"}], "title": "Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}}, "adp": [{"affected": [{"vendor": "juniper_networks", "product": "junos_os", "cpes": ["cpe:2.3:o:juniper_networks:junos_os:20.4:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "20.4", "status": "affected", "lessThan": "20.4r3-s9", "versionType": "custom"}, {"version": "21.2", "status": "affected", "lessThan": "21.2r3-s7", "versionType": "custom"}, {"version": "21.3", "status": "affected", "lessThan": "21.3r3-s5", "versionType": "custom"}, {"version": "21.4", "status": "affected", "lessThan": "21.4r3-s5", "versionType": "custom"}, {"version": "22.1", "status": "affected", "lessThan": "22.1r3-s4", "versionType": "custom"}, {"version": "22.2", "status": "affected", "lessThan": "22.2r3-s3", "versionType": "custom"}, {"version": "22.3", "status": "affected", "lessThan": "22.3r3-s1", "versionType": "custom"}, {"version": "22.4", "status": "affected", "lessThan": "22.4r3", "versionType": "custom"}, {"version": "23.2", "status": "affected", "lessThan": "23.2r1-s2", "versionType": "custom"}]}, {"vendor": "juniper", "product": "junos_os_evolved", "cpes": ["cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "20.4", "status": "affected", "lessThan": "20.4r3-s9", "versionType": "custom"}, {"version": "21.2", "status": "affected", "lessThan": "21.2r3-s7", "versionType": "custom"}, {"version": "21.3", "status": "affected", "lessThan": "21.3r3-s5", "versionType": "custom"}, {"version": "21.4", "status": "affected", "lessThan": "21.4r3-s4", "versionType": "custom"}, {"version": "22.1", "status": "affected", "lessThan": "22.1r3-s4", "versionType": "custom"}, {"version": "22.2", "status": "affected", "lessThan": "22.2r3-s3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-12T18:02:57.570562Z", "id": "CVE-2024-21598", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T14:32:30.418Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.007Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "http://supportportal.juniper.net/JSA75739"}, {"tags": ["technical-description", "x_transferred"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://supportportal.juniper.net/JSA75739", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "tags": ["technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.007Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21598", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-12T18:02:57.570562Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:juniper_networks:junos_os:20.4:*:*:*:*:*:*:*"], "vendor": "juniper_networks", "product": "junos_os", "versions": [{"status": "affected", "version": "20.4", "lessThan": "20.4r3-s9", "versionType": "custom"}, {"status": "affected", "version": "21.2", "lessThan": "21.2r3-s7", "versionType": "custom"}, {"status": "affected", "version": "21.3", "lessThan": "21.3r3-s5", "versionType": "custom"}, {"status": "affected", "version": "21.4", "lessThan": "21.4r3-s5", "versionType": "custom"}, {"status": "affected", "version": "22.1", "lessThan": "22.1r3-s4", "versionType": "custom"}, {"status": "affected", "version": "22.2", "lessThan": "22.2r3-s3", "versionType": "custom"}, {"status": "affected", "version": "22.3", "lessThan": "22.3r3-s1", "versionType": "custom"}, {"status": "affected", "version": "22.4", "lessThan": "22.4r3", "versionType": "custom"}, {"status": "affected", "version": "23.2", "lessThan": "23.2r1-s2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os_evolved", "versions": [{"status": "affected", "version": "20.4", "lessThan": "20.4r3-s9", "versionType": "custom"}, {"status": "affected", "version": "21.2", "lessThan": "21.2r3-s7", "versionType": "custom"}, {"status": "affected", "version": "21.3", "lessThan": "21.3r3-s5", "versionType": "custom"}, {"status": "affected", "version": "21.4", "lessThan": "21.4r3-s4", "versionType": "custom"}, {"status": "affected", "version": "22.1", "lessThan": "22.1r3-s4", "versionType": "custom"}, {"status": "affected", "version": "22.2", "lessThan": "22.2r3-s3", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T14:18:44.467Z"}}], "cna": {"title": "Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash", "source": {"defect": ["1760356"], "advisory": "JSA75739", "discovery": "USER"}, "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this vulnerability."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "20.4", "lessThan": "20.4R3-S9", "versionType": "semver"}, {"status": "affected", "version": "21.2", "lessThan": "21.2R3-S7", "versionType": "semver"}, {"status": "affected", "version": "21.3", "lessThan": "21.3R3-S5", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S5", "versionType": "semver"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S3", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3-S1", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R1-S2, 23.2R2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "20.4-EVO", "lessThan": "20.4R3-S9-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.2-EVO", "lessThan": "21.2R3-S7-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.3-EVO", "lessThan": "21.3R3-S5-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.4-EVO", "lessThan": "21.4R3-S5-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.1-EVO", "lessThan": "22.1R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2-EVO", "lessThan": "22.2R3-S3-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.3-EVO", "lessThan": "22.3R3-S1-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.4-EVO", "lessThan": "22.4R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.2-EVO", "lessThan": "23.2R1-S2-EVO, 23.2R2-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases;\n\nJunos OS Evolved: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases;Junos OS Evolved: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.", "base64": false}]}], "datePublic": "2024-04-10T16:00:00.000Z", "references": [{"url": "http://supportportal.juniper.net/JSA75739", "tags": ["vendor-advisory"]}, {"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "tags": ["technical-description"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}, "descriptions": [{"lang": "en", "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\n\nThis issue affects Juniper Networks\nJunos OS:\n * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2;\n\n\n\nJunos OS Evolved:\n * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;\n * 21.2-EVO versions earlier than 21.2R3-S7-EVO;\n * 21.3-EVO versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S3-EVO;\n * 22.3-EVO versions earlier than 22.3R3-S1-EVO;\n * 22.4-EVO versions earlier than 22.4R3-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;\n\n\n\nThis issue does not affect Juniper Networks\n * Junos OS versions earlier than 20.4R1;\n * Junos OS Evolved versions earlier than 20.4R1-EVO.\n\n\n\nThis is a related but separate issue than the one described in JSA79095.", "supportingMedia": [{"type": "text/html", "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: <ul><li>20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;</li><li>21.2 versions earlier than 21.2R3-S7;</li><li>21.3 versions earlier than 21.3R3-S5;</li><li>21.4 versions earlier than 21.4R3-S5;</li><li>22.1 versions earlier than 22.1R3-S4;</li><li>22.2 versions earlier than 22.2R3-S3;</li><li>22.3 versions earlier than 22.3R3-S1;</li><li>22.4 versions earlier than 22.4R3;</li><li>23.2 versions earlier than 23.2R1-S2, 23.2R2;</li></ul> Junos OS Evolved: <ul><li>20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;</li><li>21.2-EVO versions earlier than 21.2R3-S7-EVO;</li><li>21.3-EVO versions earlier than 21.3R3-S5-EVO;</li><li>21.4-EVO versions earlier than 21.4R3-S5-EVO;</li><li>22.1-EVO versions earlier than 22.1R3-S4-EVO;</li><li>22.2-EVO versions earlier than 22.2R3-S3-EVO;</li><li>22.3-EVO versions earlier than 22.3R3-S1-EVO;</li><li>22.4-EVO versions earlier than 22.4R3-EVO;</li><li>23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;</li></ul> This issue does not affect Juniper Networks <ul><li>Junos OS versions earlier than 20.4R1;</li><li>Junos OS Evolved versions earlier than 20.4R1-EVO.</li></ul> This is a related but separate issue than the one described in JSA79095. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1286", "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input"}]}, {"descriptions": [{"lang": "en", "description": "Denial of Service (DoS)"}]}], "configurations": [{"lang": "en", "value": "To be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:\n\n\u00a0 [ protocols bgp group <group> neighbor ... ]", "supportingMedia": [{"type": "text/html", "value": "To be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:  [ protocols bgp group <group> neighbor ... ]", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-05-16T19:53:00.228Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21598", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:27:36.007Z", "dateReserved": "2023-12-27T19:38:25.705Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-04-12T14:54:23.761Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\n\nThis issue affects Juniper Networks\nJunos OS:\n * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2;\n\n\n\nJunos OS Evolved:\n * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;\n * 21.2-EVO versions earlier than 21.2R3-S7-EVO;\n * 21.3-EVO versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S3-EVO;\n * 22.3-EVO versions earlier than 22.3R3-S1-EVO;\n * 22.4-EVO versions earlier than 22.4R3-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;\n\n\n\nThis issue does not affect Juniper Networks\n * Junos OS versions earlier than 20.4R1;\n * Junos OS Evolved versions earlier than 20.4R1-EVO.\n\n\n\nThis is a related but separate issue than the one described in JSA79095."}, {"lang": "es", "value": "Una validaci\u00f3n inadecuada de la vulnerabilidad de correcci\u00f3n sint\u00e1ctica de entrada en el daemon de protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante no autenticado basado en red provoque una denegaci\u00f3n de servicio (DoS). Si se recibe una actualizaci\u00f3n de BGP a trav\u00e9s de una sesi\u00f3n BGP establecida que contiene un atributo de encapsulaci\u00f3n de t\u00fanel con un TLV espec\u00edficamente mal formado, rpd fallar\u00e1 y se reiniciar\u00e1. Este problema afecta a Juniper Networks Junos OS: * 20.4 versiones 20.4R1 y versiones posteriores anteriores a 20.4R3-S9; * Versiones 21.2 anteriores a 21.2R3-S7; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R3; * Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versiones 20.4R1-EVO y versiones posteriores anteriores a 20.4R3-S9-EVO; * Versiones 21.2-EVO anteriores a 21.2R3-S7-EVO; * Versiones 21.3-EVO anteriores a 21.3R3-S5-EVO; * Versiones 21.4-EVO anteriores a 21.4R3-S5-EVO; * Versiones 22.1-EVO anteriores a 22.1R3-S4-EVO; * Versiones 22.2-EVO anteriores a 22.2R3-S3-EVO; * Versiones 22.3-EVO anteriores a 22.3R3-S1-EVO; * Versiones 22.4-EVO anteriores a 22.4R3-EVO; * Versiones 23.2-EVO anteriores a 23.2R1-S2-EVO, 23.2R2-EVO; Este problema no afecta a Juniper Networks * versiones de Junos OS anteriores a 20.4R1; * Versiones de Junos OS Evolved anteriores a 20.4R1-EVO. Este es un problema relacionado pero independiente del descrito en JSA79095."}], "id": "CVE-2024-21598", "lastModified": "2024-05-16T20:15:08.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-04-12T15:15:23.377", "references": [{"source": "sirt@juniper.net", "url": "http://supportportal.juniper.net/JSA75739"}, {"source": "sirt@juniper.net", "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1286"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object