Main Vulnerability Database Vulnerabilities #VU88450

Exposure of resource to wrong sphere in Juniper Junos OS - CVE-2024-21605

Published: April 11, 2024

Vulnerability identifier: #VU88450

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-21605

CWE-ID: CWE-668

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Juniper Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to exposure of resource to wrong sphere error in the Packet Forwarding Engine (PFE). A remote non-authenticated attacker can cause a Denial of Service (DoS).

Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device.

This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-300-Series-Specific-link-local-traffic-causes-a-control-plane-overload-CVE-2024-21605

Exposure of resource to wrong sphere in Juniper Junos OS - CVE-2024-21605

Description

Remediation

External links

Please verify you're human