CVSS: 8.7EPSS: 0%CPEs: 20EXPL: 0CVE-2024-21598 – Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash
https://notcve.org/view.php?id=CVE-2024-21598
12 Apr 2024 — An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier th... • http://supportportal.juniper.net/JSA75739 • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21593 – Junos OS: MX Series with MPC10, MPC11, LC9600, and MX304: A specific MPLS packet will cause a PFE crash
https://notcve.org/view.php?id=CVE-2024-21593
12 Apr 2024 — An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured... • https://supportportal.juniper.net/JSA75732 • CWE-703: Improper Check or Handling of Exceptional Conditions •