{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21604", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2023-12-27T19:38:25.707Z", "datePublished": "2024-01-12T00:54:36.512Z", "dateUpdated": "2024-08-01T22:27:35.509Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.4R3-S7-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.2*-EVO", "status": "affected", "version": "21.2-EVO", "versionType": "semver"}, {"lessThan": "21.4R3-S5-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver"}, {"lessThan": "22.1R3-S2-EVO", "status": "affected", "version": "22.1-EVO", "versionType": "semver"}, {"lessThan": "22.2R3-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver"}, {"lessThan": "22.3R2-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver"}, {"lessThan": "22.4R2-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver"}]}], "datePublic": "2024-01-10T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).</p><p>If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.</p><p>The following log messages can be seen when this issue occurs:</p><code>&lt;host&gt; kernel: nf_conntrack: nf_conntrack: table full, dropping packet</code><br><p>This issue affects Juniper Networks Junos OS Evolved:</p><p></p><ul><li>All versions earlier than 20.4R3-S7-EVO;</li><li>21.2R1-EVO and later versions;</li><li>21.4-EVO versions earlier than 21.4R3-S5-EVO;</li><li>22.1-EVO versions earlier than 22.1R3-S2-EVO;</li><li>22.2-EVO versions earlier than 22.2R3-EVO;</li><li>22.3-EVO versions earlier than 22.3R2-EVO;</li><li>22.4-EVO versions earlier than 22.4R2-EVO.</li></ul><p></p>\n\n"}], "value": "\nAn Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIf a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.\n\nThe following log messages can be seen when this issue occurs:\n\n<host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions earlier than 20.4R3-S7-EVO;\n * 21.2R1-EVO and later versions;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S2-EVO;\n * 22.2-EVO versions earlier than 22.2R3-EVO;\n * 22.3-EVO versions earlier than 22.3R2-EVO;\n * 22.4-EVO versions earlier than 22.4R2-EVO.\n\n\n\n\n\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-01-12T00:54:36.512Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA75745"}, {"tags": ["technical-description"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.4R3-S5-EVO, 22.1R3-S2-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.</p>"}], "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.4R3-S5-EVO, 22.1R3-S2-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"}], "source": {"advisory": "JSA75745", "defect": ["1663122", "1712937"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2024-01-10T17:00:00.000Z", "value": "Initial Publication"}], "title": "Junos OS Evolved: A high rate of specific traffic will cause a complete system outage", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>To prevent the device from receiving high rates of valid traffic please configure firewall filters to block unexpected and even throttle expected traffic.</p>"}], "value": "To prevent the device from receiving high rates of valid traffic please configure firewall filters to block unexpected and even throttle expected traffic.\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:35.509Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA75745"}, {"tags": ["technical-description", "x_transferred"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*", "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*", "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*", "matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s6:*:*:*:*:*:*", "matchCriteriaId": "6D5DC04F-18DE-403B-BE93-2251F3332C1C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*", "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*", "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*", "matchCriteriaId": "C16434C0-21A7-4CE5-92E1-7D60A35EF5D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*", "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*", "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*", "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*", "matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*", "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*", "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*", "matchCriteriaId": "BE2EF84D-55A9-41DC-A324-69E1DC426D0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*", "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*", "matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*", "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nAn Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIf a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.\n\nThe following log messages can be seen when this issue occurs:\n\n<host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions earlier than 20.4R3-S7-EVO;\n * 21.2R1-EVO and later versions;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S2-EVO;\n * 22.2-EVO versions earlier than 22.2R3-EVO;\n * 22.3-EVO versions earlier than 22.3R2-EVO;\n * 22.4-EVO versions earlier than 22.4R2-EVO.\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites ni limitaci\u00f3n en el kernel de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). Si el motor de enrutamiento (RE) procesa una alta tasa de paquetes v\u00e1lidos espec\u00edficos, esto provocar\u00e1 una p\u00e9rdida de conectividad del RE con otros componentes del chasis y, por lo tanto, una interrupci\u00f3n completa y persistente del sistema. Tenga en cuenta que un filtro de firewall lo0 cuidadosamente dise\u00f1ado bloquear\u00e1 o limitar\u00e1 estos paquetes, lo que deber\u00eda evitar que ocurra este problema. Los siguientes mensajes de registro se pueden ver cuando ocurre este problema: kernel: nf_conntrack: nf_conntrack: table full, dropping packet. Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S7-EVO; * 21.2R1-EVO y versiones posteriores; * Versiones 21.4-EVO anteriores a 21.4R3-S5-EVO; * Versiones 22.1-EVO anteriores a 22.1R3-S2-EVO; * Versiones 22.2-EVO anteriores a 22.2R3-EVO; * Versiones 22.3-EVO anteriores a 22.3R2-EVO; * Versiones 22.4-EVO anteriores a 22.4R2-EVO."}], "id": "CVE-2024-21604", "lastModified": "2024-01-19T22:56:35.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-01-12T01:15:48.677", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://supportportal.juniper.net/JSA75745"}, {"source": "sirt@juniper.net", "tags": ["Third Party Advisory"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}