cvelistv5 - cve-2024-21612

CVE-2024-21612 (GCVE-0-2024-21612)

Vulnerability from cvelistv5

Published

2024-01-12 00:55

Modified

2025-06-17 21:09

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-228 - Improper Handling of Syntactically Invalid Structure
Denial of Service (DoS)

Summary

An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO ; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO ; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.

References

URL

Tags

	https://supportportal.juniper.net/JSA75753	vendor-advisory
	https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N	technical-description

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS Evolved	Version: 0 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA75753"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21612",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-12T15:44:31.372599Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:09:20.546Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S7-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5-EVO ",
              "status": "affected",
              "version": "21.3",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S5-EVO",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S4-EVO",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3-EVO ",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-EVO",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2-EVO, 22.4R3-EVO",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eTo be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.\u003c/p\u003e\u003ccode\u003e[ show system connections | match ofp | match LISTEN ]\u003c/code\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nTo be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.\n\n[ show system connections | match ofp | match LISTEN ]\n\n\n\n"
        }
      ],
      "datePublic": "2024-01-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.2R3-S7-EVO;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5-EVO ;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3-EVO ;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
            }
          ],
          "value": "\n\n\n\n\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\n\n\n\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n  *  All versions earlier than 21.2R3-S7-EVO;\n  *  21.3 versions earlier than 21.3R3-S5-EVO ;\n  *  21.4 versions earlier than 21.4R3-S5-EVO;\n  *  22.1 versions earlier than 22.1R3-S4-EVO;\n  *  22.2 versions earlier than 22.2R3-S3-EVO ;\n  *  22.3 versions earlier than 22.3R3-EVO;\n  *  22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-228",
              "description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-29T15:28:06.536Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA75753"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
        }
      ],
      "source": {
        "advisory": "JSA75753",
        "defect": [
          "1714333"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-10T17:00:00.000Z",
          "value": "Initial Publication"
        },
        {
          "lang": "en",
          "time": "2024-01-26T17:00:00.000Z",
          "value": "Added required configuration"
        }
      ],
      "title": "Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eIn order to prevent this issue, following firewall filter needs to be added for each OFP port.\u003c/p\u003e\u003ctt\u003e[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u0026lt;ofp_port_1\u0026gt; ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u0026lt;ofp_port_2\u0026gt; ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term discard_ofp then discard ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term 2 then accept ]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]\u003cbr\u003e[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]\u003c/tt\u003e\u003cbr\u003e\n\n\u003ctt\u003e\u003c/tt\u003e"
            }
          ],
          "value": "\nIn order to prevent this issue, following firewall filter needs to be added for each OFP port.\n\n[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u003cofp_port_1\u003e ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u003cofp_port_2\u003e ]\n[ firewall family inet filter mgmt-filter term discard_ofp then discard ]\n[ firewall family inet filter mgmt-filter term 2 then accept ]\n\n[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-21612",
    "datePublished": "2024-01-12T00:55:37.059Z",
    "dateReserved": "2023-12-27T19:38:25.709Z",
    "dateUpdated": "2025-06-17T21:09:20.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Junos OS Evolved\", \"vendor\": \"Juniper Networks\", \"versions\": [{\"lessThan\": \"21.2R3-S7-EVO\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}, {\"lessThan\": \"21.3R3-S5-EVO \", \"status\": \"affected\", \"version\": \"21.3\", \"versionType\": \"semver\"}, {\"lessThan\": \"21.4R3-S5-EVO\", \"status\": \"affected\", \"version\": \"21.4\", \"versionType\": \"semver\"}, {\"lessThan\": \"22.1R3-S4-EVO\", \"status\": \"affected\", \"version\": \"22.1\", \"versionType\": \"semver\"}, {\"lessThan\": \"22.2R3-S3-EVO \", \"status\": \"affected\", \"version\": \"22.2\", \"versionType\": \"semver\"}, {\"lessThan\": \"22.3R3-EVO\", \"status\": \"affected\", \"version\": \"22.3\", \"versionType\": \"semver\"}, {\"lessThan\": \"22.4R2-EVO, 22.4R3-EVO\", \"status\": \"affected\", \"version\": \"22.4\", \"versionType\": \"semver\"}]}], \"configurations\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003eTo be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.\u003c/p\u003e\u003ccode\u003e[ show system connections | match ofp | match LISTEN ]\u003c/code\u003e\u003cbr\u003e\\n\\n\u003cbr\u003e\"}], \"value\": \"\\nTo be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.\\n\\n[ show system connections | match ofp | match LISTEN ]\\n\\n\\n\\n\"}], \"datePublic\": \"2024-01-10T17:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003e\u003c/p\u003e\\n\\n\u003cp\u003eAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\u003c/p\u003e\\n\\n\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.2R3-S7-EVO;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5-EVO ;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3-EVO ;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\\n\\n\"}], \"value\": \"\\n\\n\\n\\n\\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\\n\\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\\n\\n\\n\\n\\n\\nThis issue affects:\\n\\nJuniper Networks Junos OS Evolved\\n\\n\\n\\n  *  All versions earlier than 21.2R3-S7-EVO;\\n  *  21.3 versions earlier than 21.3R3-S5-EVO ;\\n  *  21.4 versions earlier than 21.4R3-S5-EVO;\\n  *  22.1 versions earlier than 22.1R3-S4-EVO;\\n  *  22.2 versions earlier than 22.2R3-S3-EVO ;\\n  *  22.3 versions earlier than 22.3R3-EVO;\\n  *  22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\\n\\n\\n\\n\\n\\n\\n\"}], \"exploits\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e\"}], \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\\n\\n\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-228\", \"description\": \"CWE-228: Improper Handling of Syntactically Invalid Structure\", \"lang\": \"en\", \"type\": \"CWE\"}]}, {\"descriptions\": [{\"description\": \"Denial of Service (DoS)\", \"lang\": \"en\"}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2024-01-29T15:28:06.536Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://supportportal.juniper.net/JSA75753\"}, {\"tags\": [\"technical-description\"], \"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\"}], \"solutions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e\"}], \"value\": \"The following software releases have been updated to resolve this specific issue:\\n\\nJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\\n\\n\"}], \"source\": {\"advisory\": \"JSA75753\", \"defect\": [\"1714333\"], \"discovery\": \"USER\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-01-10T17:00:00.000Z\", \"value\": \"Initial Publication\"}, {\"lang\": \"en\", \"time\": \"2024-01-26T17:00:00.000Z\", \"value\": \"Added required configuration\"}], \"title\": \"Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE\", \"workarounds\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003eIn order to prevent this issue, following firewall filter needs to be added for each OFP port.\u003c/p\u003e\u003ctt\u003e[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u0026lt;ofp_port_1\u0026gt; ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u0026lt;ofp_port_2\u0026gt; ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term discard_ofp then discard ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term 2 then accept ]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]\u003cbr\u003e[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]\u003c/tt\u003e\u003cbr\u003e\\n\\n\u003ctt\u003e\u003c/tt\u003e\"}], \"value\": \"\\nIn order to prevent this issue, following firewall filter needs to be added for each OFP port.\\n\\n[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]\\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u003cofp_port_1\u003e ]\\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u003cofp_port_2\u003e ]\\n[ firewall family inet filter mgmt-filter term discard_ofp then discard ]\\n[ firewall family inet filter mgmt-filter term 2 then accept ]\\n\\n[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]\\n[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]\\n\\n\\n\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-av217\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:27:36.014Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"vendor-advisory\", \"x_transferred\"], \"url\": \"https://supportportal.juniper.net/JSA75753\"}, {\"tags\": [\"technical-description\", \"x_transferred\"], \"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\"}]}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21612\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-12T15:44:31.372599Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-17T21:07:49.864Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-21612\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"juniper\", \"dateReserved\": \"2023-12-27T19:38:25.709Z\", \"datePublished\": \"2024-01-12T00:55:37.059Z\", \"dateUpdated\": \"2025-06-17T21:09:20.546Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0027

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	CTPView versions versions antérieures à 9.1R5
Juniper Networks	Junos OS Evolved	Junos OS Evolved version antérieures à 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO
Juniper Networks	N/A	Paragon Active Assurance versions antérieures à 3.1.2, 3.2.3, 3.3.2 et 3.4.1
Juniper Networks	Junos OS	Junos OS version antérieures à 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1
Juniper Networks	Session Smart Router	Session Smart Router versions antérieures à SSR-6.2.3-r2
Juniper Networks	N/A	Security Director Insights versions antérieures à 23.1R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA75723 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75741 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75752 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75757 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75730 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75734 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75737 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75721 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75736 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75747 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75758 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA11272 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75727 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75233 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75754 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75753 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75742 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75740 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75748 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75744 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75743 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75738 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75733 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75725 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75755 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75735 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75745 du 10 janvier 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA75729 du 10 janvier 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPView versions versions ant\u00e9rieures \u00e0 9.1R5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved version ant\u00e9rieures \u00e0 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Paragon Active Assurance versions ant\u00e9rieures \u00e0 3.1.2, 3.2.3, 3.3.2 et 3.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS version ant\u00e9rieures \u00e0 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-6.2.3-r2",
      "product": {
        "name": "Session Smart Router",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Security Director Insights versions ant\u00e9rieures \u00e0 23.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-3707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
    },
    {
      "name": "CVE-2024-21602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21602"
    },
    {
      "name": "CVE-2022-41974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41974"
    },
    {
      "name": "CVE-2023-38802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38802"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-42720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
    },
    {
      "name": "CVE-2022-30594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
    },
    {
      "name": "CVE-2022-41973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41973"
    },
    {
      "name": "CVE-2023-0461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
    },
    {
      "name": "CVE-2024-21616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21616"
    },
    {
      "name": "CVE-2021-25220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
    },
    {
      "name": "CVE-2023-2235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
    },
    {
      "name": "CVE-2023-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2022-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2023-1281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
    },
    {
      "name": "CVE-2024-21599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21599"
    },
    {
      "name": "CVE-2022-47929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
    },
    {
      "name": "CVE-2022-3628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
    },
    {
      "name": "CVE-2024-21614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21614"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-26464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
    },
    {
      "name": "CVE-2020-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
    },
    {
      "name": "CVE-2021-26691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
    },
    {
      "name": "CVE-2022-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2024-21607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21607"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2023-0266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
    },
    {
      "name": "CVE-2019-17571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
    },
    {
      "name": "CVE-2022-39189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
    },
    {
      "name": "CVE-2022-3239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3239"
    },
    {
      "name": "CVE-2022-43750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
    },
    {
      "name": "CVE-2022-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
    },
    {
      "name": "CVE-2023-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2023-20569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
    },
    {
      "name": "CVE-2024-21596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21596"
    },
    {
      "name": "CVE-2022-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
    },
    {
      "name": "CVE-2021-33656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33656"
    },
    {
      "name": "CVE-2023-1582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
    },
    {
      "name": "CVE-2022-4129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
    },
    {
      "name": "CVE-2022-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
    },
    {
      "name": "CVE-2023-2194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
    },
    {
      "name": "CVE-2024-21604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21604"
    },
    {
      "name": "CVE-2023-32360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
    },
    {
      "name": "CVE-2022-0934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
    },
    {
      "name": "CVE-2020-9493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
    },
    {
      "name": "CVE-2021-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
    },
    {
      "name": "CVE-2022-2196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2022-42896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
    },
    {
      "name": "CVE-2022-21699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
    },
    {
      "name": "CVE-2024-21600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21600"
    },
    {
      "name": "CVE-2021-33655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2022-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
    },
    {
      "name": "CVE-2023-23920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
    },
    {
      "name": "CVE-2023-20593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
    },
    {
      "name": "CVE-2024-21606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21606"
    },
    {
      "name": "CVE-2022-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
    },
    {
      "name": "CVE-2022-41222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2022-23305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
    },
    {
      "name": "CVE-2022-2663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
    },
    {
      "name": "CVE-2023-23918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
    },
    {
      "name": "CVE-2024-21591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21591"
    },
    {
      "name": "CVE-2020-12321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
    },
    {
      "name": "CVE-2022-23307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
    },
    {
      "name": "CVE-2022-3524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
    },
    {
      "name": "CVE-2022-39188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
    },
    {
      "name": "CVE-2023-3341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2022-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2022-43945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
    },
    {
      "name": "CVE-2022-3625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
    },
    {
      "name": "CVE-2021-34798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
    },
    {
      "name": "CVE-2024-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21587"
    },
    {
      "name": "CVE-2022-42721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
    },
    {
      "name": "CVE-2022-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
    },
    {
      "name": "CVE-2022-4254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4254"
    },
    {
      "name": "CVE-2024-21617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21617"
    },
    {
      "name": "CVE-2023-1195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1195"
    },
    {
      "name": "CVE-2024-21589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21589"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2023-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
    },
    {
      "name": "CVE-2022-20141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20141"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2024-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21595"
    },
    {
      "name": "CVE-2021-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
    },
    {
      "name": "CVE-2021-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
    },
    {
      "name": "CVE-2023-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
    },
    {
      "name": "CVE-2022-22164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22164"
    },
    {
      "name": "CVE-2024-21597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21597"
    },
    {
      "name": "CVE-2021-3752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
    },
    {
      "name": "CVE-2023-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2021-26341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
    },
    {
      "name": "CVE-2022-38023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
    },
    {
      "name": "CVE-2023-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
    },
    {
      "name": "CVE-2022-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2022-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3619"
    },
    {
      "name": "CVE-2021-0920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
    },
    {
      "name": "CVE-2023-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
    },
    {
      "name": "CVE-2022-25265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25265"
    },
    {
      "name": "CVE-2022-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
    },
    {
      "name": "CVE-2022-2873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
    },
    {
      "name": "CVE-2022-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
    },
    {
      "name": "CVE-2024-21611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21611"
    },
    {
      "name": "CVE-2024-21613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21613"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2024-21612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21612"
    },
    {
      "name": "CVE-2022-42722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
    },
    {
      "name": "CVE-2024-21603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21603"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2024-21585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21585"
    },
    {
      "name": "CVE-2022-23302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2021-44790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
    },
    {
      "name": "CVE-2023-36842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36842"
    },
    {
      "name": "CVE-2022-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
    },
    {
      "name": "CVE-2024-21594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21594"
    },
    {
      "name": "CVE-2022-3028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
    },
    {
      "name": "CVE-2022-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2022-41674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
    },
    {
      "name": "CVE-2024-21601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21601"
    },
    {
      "name": "CVE-2023-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
    },
    {
      "name": "CVE-2020-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
    }
  ],
  "initial_release_date": "2024-01-11T00:00:00",
  "last_revision_date": "2024-01-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0027",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75723 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75741 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75752 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75757 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75730 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75734 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75737 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Security-Director-Insights-Multiple-vulnerabilities-in-SDI"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75721 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75736 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-CTPView-Multiple-vulnerabilities-in-CTPView-CVE-yyyy-nnnn"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75747 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75758 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11272 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-Evolved-Telnet-service-may-be-enabled-when-it-is-expected-to-be-disabled-CVE-2022-22164"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75727 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-CVE-2024-21589"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75233 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75754 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75753 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75742 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75740 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75748 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75744 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75743 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75738 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75733 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75725 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75755 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75735 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75745 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75729 du 10 janvier 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-21612 (GCVE-0-2024-21612)

Vulnerability from cvelistv5

CERTFR-2024-AVI-0027

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature