{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21612", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2023-12-27T19:38:25.709Z", "datePublished": "2024-01-12T00:55:37.059Z", "dateUpdated": "2025-06-17T21:09:20.546Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S7-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.3R3-S5-EVO ", "status": "affected", "version": "21.3", "versionType": "semver"}, {"lessThan": "21.4R3-S5-EVO", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R3-S4-EVO", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R3-S3-EVO ", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-EVO", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R2-EVO, 22.4R3-EVO", "status": "affected", "version": "22.4", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>To be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.</p><code>[ show system connections | match ofp | match LISTEN ]</code><br>\n\n<br>"}], "value": "\nTo be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.\n\n[ show system connections | match ofp | match LISTEN ]\n\n\n\n"}], "datePublic": "2024-01-10T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p></p>\n\n<p>An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).</p><p>On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.</p>\n\n<p></p><p>This issue affects:</p><p>Juniper Networks Junos OS Evolved</p><p></p><ul><li>All versions earlier than 21.2R3-S7-EVO;</li><li>21.3 versions earlier than 21.3R3-S5-EVO ;</li><li>21.4 versions earlier than 21.4R3-S5-EVO;</li><li>22.1 versions earlier than 22.1R3-S4-EVO;</li><li>22.2 versions earlier than 22.2R3-S3-EVO ;</li><li>22.3 versions earlier than 22.3R3-EVO;</li><li>22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.</li></ul><p></p>\n\n"}], "value": "\n\n\n\n\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\n\n\n\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.2R3-S7-EVO;\n * 21.3 versions earlier than 21.3R3-S5-EVO ;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO ;\n * 22.3 versions earlier than 22.3R3-EVO;\n * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-228", "description": "CWE-228: Improper Handling of Syntactically Invalid Structure", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-01-29T15:28:06.536Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA75753"}, {"tags": ["technical-description"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue:</p><p>Junos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.</p>"}], "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"}], "source": {"advisory": "JSA75753", "defect": ["1714333"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2024-01-10T17:00:00.000Z", "value": "Initial Publication"}, {"lang": "en", "time": "2024-01-26T17:00:00.000Z", "value": "Added required configuration"}], "title": "Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>In order to prevent this issue, following firewall filter needs to be added for each OFP port.</p><tt>[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]<br>[ firewall family inet filter mgmt-filter term discard_ofp from destination-port &lt;ofp_port_1&gt; ]<br>[ firewall family inet filter mgmt-filter term discard_ofp from destination-port &lt;ofp_port_2&gt; ]<br>[ firewall family inet filter mgmt-filter term discard_ofp then discard ]<br>[ firewall family inet filter mgmt-filter term 2 then accept ]<br></tt><br><tt>[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]<br>[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]</tt><br>\n\n<tt></tt>"}], "value": "\nIn order to prevent this issue, following firewall filter needs to be added for each OFP port.\n\n[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port <ofp_port_1> ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port <ofp_port_2> ]\n[ firewall family inet filter mgmt-filter term discard_ofp then discard ]\n[ firewall family inet filter mgmt-filter term 2 then accept ]\n\n[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.014Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA75753"}, {"tags": ["technical-description", "x_transferred"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21612", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-12T15:44:31.372599Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T21:09:20.546Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21612", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2023-12-27T19:38:25.709Z", "datePublished": "2024-01-12T00:55:37.059Z", "dateUpdated": "2025-06-17T21:09:20.546Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S7-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.3R3-S5-EVO ", "status": "affected", "version": "21.3", "versionType": "semver"}, {"lessThan": "21.4R3-S5-EVO", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R3-S4-EVO", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R3-S3-EVO ", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-EVO", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R2-EVO, 22.4R3-EVO", "status": "affected", "version": "22.4", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>To be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.</p><code>[ show system connections | match ofp | match LISTEN ]</code><br>\n\n<br>"}], "value": "\nTo be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.\n\n[ show system connections | match ofp | match LISTEN ]\n\n\n\n"}], "datePublic": "2024-01-10T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p></p>\n\n<p>An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).</p><p>On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.</p>\n\n<p></p><p>This issue affects:</p><p>Juniper Networks Junos OS Evolved</p><p></p><ul><li>All versions earlier than 21.2R3-S7-EVO;</li><li>21.3 versions earlier than 21.3R3-S5-EVO ;</li><li>21.4 versions earlier than 21.4R3-S5-EVO;</li><li>22.1 versions earlier than 22.1R3-S4-EVO;</li><li>22.2 versions earlier than 22.2R3-S3-EVO ;</li><li>22.3 versions earlier than 22.3R3-EVO;</li><li>22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.</li></ul><p></p>\n\n"}], "value": "\n\n\n\n\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\n\n\n\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.2R3-S7-EVO;\n * 21.3 versions earlier than 21.3R3-S5-EVO ;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO ;\n * 22.3 versions earlier than 22.3R3-EVO;\n * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-228", "description": "CWE-228: Improper Handling of Syntactically Invalid Structure", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-01-29T15:28:06.536Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA75753"}, {"tags": ["technical-description"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue:</p><p>Junos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.</p>"}], "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"}], "source": {"advisory": "JSA75753", "defect": ["1714333"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2024-01-10T17:00:00.000Z", "value": "Initial Publication"}, {"lang": "en", "time": "2024-01-26T17:00:00.000Z", "value": "Added required configuration"}], "title": "Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>In order to prevent this issue, following firewall filter needs to be added for each OFP port.</p><tt>[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]<br>[ firewall family inet filter mgmt-filter term discard_ofp from destination-port &lt;ofp_port_1&gt; ]<br>[ firewall family inet filter mgmt-filter term discard_ofp from destination-port &lt;ofp_port_2&gt; ]<br>[ firewall family inet filter mgmt-filter term discard_ofp then discard ]<br>[ firewall family inet filter mgmt-filter term 2 then accept ]<br></tt><br><tt>[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]<br>[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]</tt><br>\n\n<tt></tt>"}], "value": "\nIn order to prevent this issue, following firewall filter needs to be added for each OFP port.\n\n[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port <ofp_port_1> ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port <ofp_port_2> ]\n[ firewall family inet filter mgmt-filter term discard_ofp then discard ]\n[ firewall family inet filter mgmt-filter term 2 then accept ]\n\n[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.014Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA75753"}, {"tags": ["technical-description", "x_transferred"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21612", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-12T15:44:31.372599Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T21:07:49.864Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C14B5A6-597A-4181-8C42-392A2E4605BF", "versionEndExcluding": "21.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*", "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*", "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*", "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*", "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*", "matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s6:*:*:*:*:*:*", "matchCriteriaId": "6D5DC04F-18DE-403B-BE93-2251F3332C1C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*", "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*", "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*", "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*", "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*", "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*", "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*", "matchCriteriaId": "C16434C0-21A7-4CE5-92E1-7D60A35EF5D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*", "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*", "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*", "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "1475A58F-1515-4492-B5A3-BE40C30E5B14", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*", "matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*", "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*", "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*", "matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "9370C46D-3AA1-4562-B67F-DF6EA10F209B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "1FD8C240-A7FE-4FD5-ADCC-289C1BC461BF", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*", "matchCriteriaId": "BE2EF84D-55A9-41DC-A324-69E1DC426D0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*", "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*", "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*", "matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*", "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\n\n\n\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.2R3-S7-EVO;\n * 21.3 versions earlier than 21.3R3-S5-EVO ;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO ;\n * 22.3 versions earlier than 22.3R3-EVO;\n * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de manejo inadecuado de una estructura sint\u00e1cticamente no v\u00e1lida en el servicio Object Flooding Protocol (OFP) de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). En todas las plataformas Junos OS Evolved, cuando se reciben paquetes TCP espec\u00edficos en un puerto OFP abierto, el OFP falla y se reinicia el Routine Engine (RE). La recepci\u00f3n continua de estos paquetes TCP espec\u00edficos dar\u00e1 lugar a una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). Este problema afecta a: Juniper Networks Junos OS Evolved * Todas las versiones anteriores a 21.2R3-S7-EVO; * Versiones 21.3 anteriores a 21.3R3-S5-EVO; * Versiones 21.4 anteriores a 21.4R3-S5-EVO; * Versiones 22.1 anteriores a 22.1R3-S4-EVO; * Versiones 22.2 anteriores a 22.2R3-S3-EVO; * Versiones 22.3 anteriores a 22.3R3-EVO; * Versiones 22.4 anteriores a 22.4R2-EVO, 22.4R3-EVO."}], "id": "CVE-2024-21612", "lastModified": "2024-11-21T08:54:43.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-12T01:15:49.457", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://supportportal.juniper.net/JSA75753"}, {"source": "sirt@juniper.net", "tags": ["Third Party Advisory"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://supportportal.juniper.net/JSA75753"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-228"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}