Vulnerabilities > CVE-2024-21612 - Unspecified vulnerability in Juniper Junos OS Evolved

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

juniper

NVD

Published: 2024-01-12

Updated: 2024-01-29

Summary

An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO ; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO ; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos OS Evolved 21.2 Juniper Junos OS Evolved 21.3 Juniper Junos OS Evolved 18.3 Juniper Junos OS Evolved 19.1 Juniper Junos OS Evolved 19.2 Juniper Junos OS Evolved 19.3 Juniper Junos OS Evolved 19.4 Juniper Junos OS Evolved 20.1 Juniper Junos OS Evolved 20.2 Juniper Junos OS Evolved 20.3 Juniper Junos OS Evolved 20.4 Juniper Junos OS Evolved 21.1 Juniper Junos OS Evolved 21.4 Juniper Junos OS Evolved 22.1 Juniper Junos OS Evolved 22.2 Juniper Junos OS Evolved 22.3 Juniper Junos OS Evolved 22.4	125

Summary

Vulnerable Configurations

References