CVE-2024-21604
Junos OS Evolved: A high rate of specific traffic will cause a complete system outage
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.
The following log messages can be seen when this issue occurs:
<host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet
This issue affects Juniper Networks Junos OS Evolved:
* All versions earlier than 20.4R3-S7-EVO;
* 21.2R1-EVO and later versions;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S2-EVO;
* 22.2-EVO versions earlier than 22.2R3-EVO;
* 22.3-EVO versions earlier than 22.3R2-EVO;
* 22.4-EVO versions earlier than 22.4R2-EVO.
Una vulnerabilidad de asignación de recursos sin límites ni limitación en el kernel de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegación de servicio (DoS). Si el motor de enrutamiento (RE) procesa una alta tasa de paquetes válidos específicos, esto provocará una pérdida de conectividad del RE con otros componentes del chasis y, por lo tanto, una interrupción completa y persistente del sistema. Tenga en cuenta que un filtro de firewall lo0 cuidadosamente diseñado bloqueará o limitará estos paquetes, lo que debería evitar que ocurra este problema. Los siguientes mensajes de registro se pueden ver cuando ocurre este problema: kernel: nf_conntrack: nf_conntrack: table full, dropping packet. Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S7-EVO; * 21.2R1-EVO y versiones posteriores; * Versiones 21.4-EVO anteriores a 21.4R3-S5-EVO; * Versiones 22.1-EVO anteriores a 22.1R3-S2-EVO; * Versiones 22.2-EVO anteriores a 22.2R3-EVO; * Versiones 22.3-EVO anteriores a 22.3R2-EVO; * Versiones 22.4-EVO anteriores a 22.4R2-EVO.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-12-27 CVE Reserved
- 2024-01-12 CVE Published
- 2024-01-20 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | Technical Description |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://supportportal.juniper.net/JSA75745 | 2024-01-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r3-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r3-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r3-s4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r3-s5 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2" | r3-s6 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r3-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r3-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r3-s4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.3" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.3" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.3" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.3" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.4" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.4" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.4" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.4" | r1-s2 |
Affected
| ||||||