PT-2024-2886 · Juniper Networks · Junos

Published: 2024-04-10 · Updated: 2024-05-16 · CVE-2024-21605

CVSS v4.0: 7.1 (High)

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions

    Juniper Networks Junos OS versions 21.2R3-S3 through 21.2R3-S6
    Juniper Networks Junos OS versions 22.1R3 through 22.1R3-S4
    Juniper Networks Junos OS versions 22.2R2 through 22.2R3-S2
    Juniper Networks Junos OS versions 22.3R2 through 22.3R3-S1
    Juniper Networks Junos OS versions prior to 22.4R2-S2 and 22.4R3
    Juniper Networks Junos OS versions prior to 23.2R1-S1 and 23.2R2
Description

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on the SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic arriving on ports in the STP blocked state is not dropped as it should be; it is instead forwarded to the device's control plane, leading to excessive resource consumption and severe impact on all control and management protocols of the device.
Recommendations

    For versions 21.2R3-S3 through 21.2R3-S6, update to version 21.2R3-S6 or later.
    For versions 22.1R3 through 22.1R3-S4, update to version 22.1R3-S4 or later.
    For versions 22.2R2 through 22.2R3-S2, update to version 22.2R3-S2 or later.
    For versions 22.3R2 through 22.3R3-S1, update to version 22.3R3-S1 or later.
    For versions prior to 22.4R2-S2 and 22.4R3, update to version 22.4R2-S2 or 22.4R3 or later.
    For versions prior to 23.2R1-S1 and 23.2R2, update to version 23.2R1-S1 or 23.2R2 or later.

Fix · DoS

Weakness Enumeration: Exposure of Resource to Wrong Sphere

Related Identifiers: BDU:2024-03050, CVE-2024-21605

Affected Products: Junos