PT-2024-1110 · Juniper Networks · Junos Evolved
Published 2024-01-10 · Updated 2024-01-19 · CVE-2024-21604
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS Evolved versions prior to 20.4R3-S7-EVO
Juniper Networks Junos OS Evolved version 21.2R1-EVO and later versions
Juniper Networks Junos OS Evolved versions 21.4-EVO prior to 21.4R3-S5-EVO
Juniper Networks Junos OS Evolved versions 22.1-EVO prior to 22.1R3-S2-EVO
Juniper Networks Junos OS Evolved versions 22.2-EVO prior to 22.2R3-EVO
Juniper Networks Junos OS Evolved versions 22.3-EVO prior to 22.3R2-EVO
Juniper Networks Junos OS Evolved versions 22.4-EVO prior to 22.4R2-EVO
Description
An Allocation of Resources Without Limits or Throttling issue in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets is processed by the routing engine (RE), the RE loses connectivity with other components of the chassis, resulting in a complete and persistent system outage. A carefully designed lo0 firewall filter can block or limit these packets, which should prevent this issue from occurring.
Recommendations
For versions prior to 20.4R3-S7-EVO, update to version 20.4R3-S7-EVO or later.
For version 21.2R1-EVO and later versions, ensure a carefully designed lo0 firewall filter is in place to block or limit specific valid packets.
For versions 21.4-EVO prior to 21.4R3-S5-EVO, update to version 21.4R3-S5-EVO or later.
For versions 22.1-EVO prior to 22.1R3-S2-EVO, update to version 22.1R3-S2-EVO or later.
For versions 22.2-EVO prior to 22.2R3-EVO, update to version 22.2R3-EVO or later.
For versions 22.3-EVO prior to 22.3R2-EVO, update to version 22.3R2-EVO or later.
For versions 22.4-EVO prior to 22.4R2-EVO, update to version 22.4R2-EVO or later.
As a temporary workaround, consider implementing a carefully designed lo0 firewall filter to block or limit specific valid packets until a patch is available.
Fix
Allocation of Resources Without Limits
Affected Products
Junos Evolved