PT-2024-1129 · Juniper Networks · Junos

Published 2024-01-10 · Updated 2024-01-19 · CVE-2024-21600

CVSS v3.1: 6.5 Medium

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions prior to 20.4R3-S8
Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4
Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S6
Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S3
Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S5
Juniper Networks Junos OS 22.1 versions prior to 22.1R2-S2, 22.1R3
Juniper Networks Junos OS 22.2 versions prior to 22.2R2-S1, 22.2R3

Description

An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and the FTI tunnel is down, they hit the reject next hop (NH), so the packets are sent to the CPU and cause a host path wedge condition. This causes the FPC to hang, and a manual restart is required to recover. The issue specifically affects PTX1000, PTX3000, PTX5000 with FPC3, PTX10002-60C, and PTX10008/16 with LC110x.

Recommendations

For Juniper Networks Junos OS versions prior to 20.4R3-S8, update to version 20.4R3-S8 or later.
For Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4, update to version 21.1R3-S4 or later.
For Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S6, update to version 21.2R3-S6 or later.
For Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S3, update to version 21.3R3-S3 or later.
For Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S5, update to version 21.4R3-S5 or later.
For Juniper Networks Junos OS 22.1 versions prior to 22.1R2-S2, 22.1R3, update to version 22.1R2-S2 or later.
For Juniper Networks Junos OS 22.2 versions prior to 22.2R2-S1, 22.2R3, update to version 22.2R2-S1 or later.
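
Added example (not part of the original advisory or any Juniper tooling): a release check for inventory triage that applies the affected-version list above, including the trains that have two fix points (22.1 and 22.2). The function names are hypothetical. It assumes trains newer than 22.2, which the advisory does not list, already carry the fix, and it checks only the release string, not whether the device is one of the PTX models named in the description.

```python
import re

# Fix points per release train, copied from the affected-versions list above.
# Each entry is (R number, S number); 22.1 and 22.2 have two fix points.
FIXED = {
    (20, 4): [(3, 8)],
    (21, 1): [(3, 4)],
    (21, 2): [(3, 6)],
    (21, 3): [(3, 3)],
    (21, 4): [(3, 5)],
    (22, 1): [(2, 2), (3, 0)],
    (22, 2): [(2, 1), (3, 0)],
}
OLDEST_LISTED = min(FIXED)  # (20, 4)

# Accepts strings such as 21.4R3-S5 or 21.4R3-S5.4 (trailing spin number ignored).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Split a Junos OS release string into (train, (R, S))."""
    m = _VERSION.match(version.strip())
    if not m:
        # Other formats (for example Junos OS Evolved "-EVO" builds) are out of scope.
        raise ValueError(f"unsupported release string: {version!r}")
    major, minor, r, s = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (r, s)


def is_affected(version):
    """Return True if the release predates every fix point for its train."""
    train, (r, s) = parse(version)
    if train < OLDEST_LISTED:
        return True  # "versions prior to 20.4R3-S8" covers all older trains
    if train not in FIXED:
        return False  # assumption: unlisted newer trains already include the fix
    fixes = FIXED[train]
    # Fixed when on the same R release as a fix point with an equal or later S release.
    if any(r == fr and s >= fs for fr, fs in fixes):
        return False
    # Otherwise fixed only when on an R release above the highest fix point.
    return r <= max(fr for fr, _ in fixes)


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for release in ["19.4R3-S9", "20.4R3-S8", "22.1R2-S1", "22.1R3", "22.3R1"]:
        print(release, "affected" if is_affected(release) else "not affected")
```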

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2024-00442
CVE-2024-21600

Affected Products

Junos