{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-21586","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2023-12-27T19:38:25.703Z","datePublished":"2024-07-01T16:34:21.768Z","dateUpdated":"2024-08-01T22:27:34.830Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["SRX Series"],"product":"Junos OS","vendor":"Juniper Networks","versions":[{"lessThan":"21.4R1","status":"unaffected","version":"0","versionType":"semver"},{"lessThan":"21.4R3-S7.9","status":"affected","version":"21.4","versionType":"semver"},{"lessThan":"22.1R3-S5.3","status":"affected","version":"22.1","versionType":"semver"},{"lessThan":"22.2R3-S4.11","status":"affected","version":"22.2","versionType":"semver"},{"lessThan":"22.3R3","status":"affected","version":"22.3","versionType":"semver"},{"lessThan":"22.4R3","status":"affected","version":"22.4","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["NFX Series"],"product":"Junos OS","vendor":"Juniper Networks","versions":[{"lessThan":"21.4R1","status":"unaffected","version":"0","versionType":"semver"},{"lessThan":"21.4R3-S8","status":"affected","version":"21.4","versionType":"semver"},{"status":"affected","version":"22.1"},{"lessThan":"22.2R3-S5","status":"affected","version":"22.2","versionType":"semver"},{"lessThan":"22.3R3","status":"affected","version":"22.3","versionType":"semver"},{"lessThan":"22.4R3","status":"affected","version":"22.4","versionType":"semver"}]}],"datePublic":"2024-07-01T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an affected device receives specific valid traffic destined to the device, it will cause the PFE to crash and restart. Continued receipt and processing of this traffic will create a sustained DoS condition.

This issue affects Junos OS on SRX Series:

\n\nThis issue affects Junos OS on NFX Series:

\n\nJunos OS versions prior to 21.4R1 are not affected by this issue."}],"value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an affected device receives specific valid traffic destined to the device, it will cause the PFE to crash and restart. Continued receipt and processing of this traffic will create a sustained DoS condition.\n\nThis issue affects Junos OS on SRX Series:\n\n * 21.4 versions before 21.4R3-S7.9,\n * 22.1 versions before 22.1R3-S5.3,\n * 22.2 versions before 22.2R3-S4.11,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\n\n\n\n\nThis issue affects Junos OS on NFX Series:\n\n * 21.4 versions before 21.4R3-S8,\n * 22.1 versions after 22.1R1,\n * 22.2 versions before 22.2R3-S5,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\n\n\n\n\nJunos OS versions prior to 21.4R1 are not affected by this issue."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability. However, multiple occurrences of this issue have been reported in production."}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability. However, multiple occurrences of this issue have been reported in production."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2024-07-18T11:56:34.905Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA83195"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nThe following software releases have been updated to resolve this specific issue:
SRX Series: 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases;
NFX Series: 21.4R3-S8, 22.2R3-S5*, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.
* Pending publication.

Please note that the software versions 21.4R3-S7.9, 22.1R3-S5.3 and 22.2R3-S4.11 are respins of previously released versions, so special attention needs to be paid to the last digits of the version number.\n\n"}],"value":"\nThe following software releases have been updated to resolve this specific issue: \nSRX Series: 21.4R3-S7.9, 22.1R3-S5.3, 22.2R3-S4.11, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases;\nNFX Series: 21.4R3-S8, 22.2R3-S5*, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.\n* Pending publication.\n\nPlease note that the software versions 21.4R3-S7.9, 22.1R3-S5.3 and 22.2R3-S4.11 are respins of previously released versions, so special attention needs to be paid to the last digits of the version number.\n\n"}],"source":{"advisory":"JSA83195","defect":["1719594"],"discovery":"USER"},"timeline":[{"lang":"en","time":"2024-07-01T16:00:00.000Z","value":"Initial Publication"},{"lang":"en","time":"2024-07-18T11:55:00.000Z","value":"Updated to include NFX Series as affected with the resp. fixes. Added link to CVE at cve.org"}],"title":"Junos OS: SRX Series and NFX Series: Specific valid traffic leads to a PFE crash","workarounds":[{"lang":"en","value":"There are no known workarounds for this issue."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"affected":[{"vendor":"juniper","product":"junos","cpes":["cpe:2.3:o:juniper:junos:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"21.4r1","versionType":"semver"}]},{"vendor":"juniper","product":"junos","cpes":["cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*","cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*","cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*","cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*","cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"21.4","status":"affected","lessThan":"21.4r3-s7.9","versionType":"custom"},{"version":"22.1","status":"affected","lessThan":"22.1r3-s5.3","versionType":"custom"},{"version":"22.2","status":"affected","lessThan":"22.2r3-s4.11","versionType":"custom"},{"version":"22.3","status":"affected","lessThan":"22.3r3","versionType":"custom"},{"version":"22.4","status":"affected","lessThan":"22.4r3","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-01T18:15:05.037600Z","id":"CVE-2024-21586","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-01T18:15:08.861Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T22:27:34.830Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://supportportal.juniper.net/JSA83195"}]}]}}