Request a Demo
Rewterz
Rewterz Threat Alert – New Version of Atomic Stealer Uses Encrypted Payload to Target MacOS Users – Active IOCs
January 12, 2024
Rewterz
Rewterz Threat Advisory – Multiple Trend Micro Apex One and Apex One Zero Day Vulnerabilities
January 12, 2024

Rewterz Threat Advisory – Multiple Juniper Networks Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-21617 CVSS:6.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an incomplete cleanup vulnerability in Nonstop active routing (NSR) component. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-21604 CVSS:7.5

Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by a allocation of resources without limits or throttling vulnerability in the kerne. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-21599 CVSS:6.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by a missing release of memory after effective lifetime vulnerability in the Packet Forwarding Engine (PFE). By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-21607 CVSS:5.3

Juniper Networks Junos OS could allow a remote attacker to bypass security restrictions, caused by an unsupported feature in the UI vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to cause partial impact to the integrity of the device.

CVE-2024-21585 CVSS:5.9

Juniper Networks Junos OS and Junos OS Evolved are vulnerable to a denial of service, caused by an improper handling of exceptional conditions vulnerability in BGP session processing. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-21600 CVSS:6.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an improper neutralization of equivalent special elements vulnerability in the Packet Forwarding Engine (PFE). By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-21606 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by a double free vulnerability in the flow processing daemon (flowd). By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-21611 CVSS:7.5

Juniper Networks Junos OS and Junos OS Evolved are vulnerable to a denial of service, caused by missing release of memory after effective lifetime in the Routing Protocol Daemon (rpd). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated, a remote attacker could exploit this vulnerability to cause a slow memory leak and eventually a crash and restart of rpd.

Impact

  • Denial of Service
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2024-21617
  • CVE-2024-21604
  • CVE-2024-21599
  • CVE-2024-21607
  • CVE-2024-21585
  • CVE-2024-21600
  • CVE-2024-21606
  • CVE-2024-21611

Affected Vendors

Juniper

Affected Products

  • Juniper Networks Junos OS
  • Juniper Networks Junos OS Evolved
  • Juniper Networks Junos OS 21.2
  • Juniper Networks Junos OS 21.3
  • Juniper Networks Junos OS 21.4
  • Juniper Networks Junos OS 22.1
  • Juniper Networks Junos OS 22.3
  • Juniper Networks Junos OS 22.2
  • Juniper Networks Junos OS 22.4
  • Juniper Networks Junos OS Evolved 22.4
  • Juniper Networks Junos OS Evolved 21.4
  • Juniper Networks Junos OS Evolved 22.1
  • Juniper Networks Junos OS Evolved 22.2
  • Juniper Networks Junos OS on SRX Series

Remediation

Refer to Juniper Networks Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-21617

CVE-2024-21604

CVE-2024-21599

CVE-2024-21607

CVE-2024-21585

CVE-2024-21600

CVE-2024-21606

CVE-2024-21611