CVE-2024-21595

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions 21.4R3 through 21.4R3-S4 Juniper Networks Junos OS versions 22.1R3 through 22.1R3-S3 Juniper Networks Junos OS versions 22.2R2 through 22.2R3-S1 Juniper Networks Junos OS versions 22.3 through 22.3R2-S2, 22.3R3 Juniper Networks Junos OS versions 22.4 through 22.4R2 Juniper Networks Junos OS versions 23.1 through 23.1R2

Description An Improper Validation of Syntactic Correctness of Input issue in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends a high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.

Recommendations For Juniper Networks Junos OS versions 21.4R3 through 21.4R3-S4, update to version 21.4R3-S4 or later. For Juniper Networks Junos OS versions 22.1R3 through 22.1R3-S3, update to version 22.1R3-S3 or later. For Juniper Networks Junos OS versions 22.2R2 through 22.2R3-S1, update to version 22.2R3-S1 or later. For Juniper Networks Junos OS versions 22.3 through 22.3R2-S2, 22.3R3, update to version 22.3R2-S2 or 22.3R3 or later. For Juniper Networks Junos OS versions 22.4 through 22.4R2, update to version 22.4R2 or later. For Juniper Networks Junos OS versions 23.1 through 23.1R2, update to version 23.1R2 or later.