CVE-2024-21604
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.
The following log messages can be seen when this issue occurs:
<host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet
This issue affects Juniper Networks Junos OS Evolved:
* All versions earlier than 20.4R3-S7-EVO;
* 21.2R1-EVO and later versions;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S2-EVO;
* 22.2-EVO versions earlier than 22.2R3-EVO;
* 22.3-EVO versions earlier than 22.3R2-EVO;
* 22.4-EVO versions earlier than 22.4R2-EVO.
Affected (46)
Products: Juniper: Junos Os Evolved
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 21.2 r1-s1 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 21.4 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 22.1 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 22.2 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 22.3 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 22.4 |
References (4)
Source: sirt@juniper.net
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.